Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries

Summary Aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated user with read access to the affected collection can extract concealed field values, includi...

CVE-2024-47822

CVE-2024-47822 – Directus : The issue arises from access tokens in query strings not being redacted when LOG_STYLE is set to raw, allowing potential exposure of long‑lived tokens in system logs. This could enable an attacker with log access to gain administrative control or perform unauthorized d...

SUSE CVE-2013-3712

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors...

CVE-2019-10176

A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perfo...

CVE-2013-3712

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors...