Lucene search
+L

35 matches found

cve
cve
added 2023/03/03 9:49 p.m.133 views

CVE-2023-26492

Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import), exploitable via DNS rebinding to bypass IP deny lists and access sensitive internal data. Affected versions include Directus prior to 9.23.0 (e.g.,

7.5CVSS6.5AI score0.0096EPSS
Web
cve
cve
added 2024/03/01 3:37 p.m.130 views

CVE-2024-27295

Directus vulnerability CVE-2024-27295: the password reset flow can be abused due to accent-insensitive and case-insensitive comparisons in MySQL/MariaDB, enabling an attacker to request a reset for a victim’s account by using a near-identical email address (with accented characters). The issue af...

8.2CVSS8.3AI score0.00702EPSS
cve
cve
added 2024/10/08 5:54 p.m.122 views

CVE-2024-47822

CVE-2024-47822 – Directus : The issue arises from access tokens in query strings not being redacted when LOG_STYLE is set to raw, allowing potential exposure of long‑lived tokens in system logs. This could enable an attacker with log access to gain administrative control or perform unauthorized d...

4.2CVSS4.9AI score0.00311EPSS
cve
cve
added 2024/03/01 3:43 p.m.121 views

CVE-2024-27296

CVE-2024-27296 affects Directus: prior to 10.8.3, the exact Directus version is shipped in compiled JS bundles accessible without authentication, enabling attackers to map to known vulnerabilities in Directus core or dependencies. The issue has been fixed in 10.8.3 and later. Remediation is upgra...

5.3CVSS5.5AI score0.0057EPSS
cve
cve
added 2023/03/23 11:13 p.m.112 views

CVE-2023-28443

CVE-2023-28443 affects Directus before version 9.23.3, where the token directus_refresh_token is not redacted in logs, enabling potential user impersonation. The root cause is improper token redaction in log output, leading to sensitive data exposure via logging. The vulnerability requires access...

5.5CVSS5AI score0.00312EPSS
cve
cve
added 2024/03/12 8:24 p.m.112 views

CVE-2024-28238

CVE-2024-28238 concerns Directus, where a session token (JWT) is sent via GET on the /files page. This exposes tokens to logs (web servers, browser history), enabling potential session hijacking and unauthorized actions if an attacker accesses those logs. Public sources in the connected documents...

2.3CVSS3.7AI score0.00245EPSS
cve
cve
added 2024/03/12 8:23 p.m.111 views

CVE-2024-28239

CVE-2024-28239 affects Directus. The authentication API’s redirect parameter can be exploited to perform an open redirect during login (e.g., redirect to http://malicious-fishing-site.com after OAuth2 login). This can enable phishing by steering users to a forged error page while using a legitima...

5.4CVSS5.8AI score0.00583EPSS
Web
cve
cve
added 2025/01/23 5:45 p.m.109 views

CVE-2025-24353

Directus prior to version 11.2.0 is vulnerable to privilege escalation via the share feature. A user can specify an arbitrary role when sharing an item, enabling access to fields that should be restricted for their role. Affected instances are those using the share feature with a role hierarchy a...

5CVSS5.4AI score0.00372EPSS
cve
cve
added 2022/12/26 12:0 a.m.104 views

CVE-2022-26969

CVE-2022-26969 affects Directus prior to version 9.7.0, where the default settings for CORS_ORIGIN and CORS_ENABLED are true. The Red Hat and NVD entries confirm this issue, with a high-severity CVSS v3.1 base score (9.8, CRITICAL) and a network-based vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)....

9.8CVSS9.4AI score0.00927EPSS
cve
cve
added 2024/07/08 4:47 p.m.99 views

CVE-2024-39895

Directus (graph-based API) is affected by a DoS via GraphQL field duplication. An attacker can craft a query to duplicate fields (e.g., GraphQL /graphql calls in dashboards), causing excessive resource usage and service unavailability. The vulnerability is fixed in Directus 10.12.0. Remediation: ...

6.5CVSS6.5AI score0.00795EPSS
cve
cve
added 2024/07/08 5:27 p.m.99 views

CVE-2024-39896

Directus (real-time API/admin for SQL content) has a user-enumeration flaw when relying on SSO providers together with local login. If an email exists and belongs to a known SSO provider, Directus may emit a “helpful” error indicating the user belongs to another provider, enabling enumeration of ...

7.5CVSS7.5AI score0.00506EPSS
cve
cve
added 2024/06/03 2:59 p.m.94 views

CVE-2024-36128

Directus (Real-time API/dashboard for SQL databases) is affected by CVE-2024-36128 prior to version 10.11.2. Providing a non-numeric length to the random string generation utility triggers a memory issue that disrupts random session IDs, causing a denial of service where logged-in sessions can no...

7.5CVSS7.4AI score0.0062EPSS
cve
cve
added 2024/07/08 3:32 p.m.94 views

CVE-2024-39699

Directus has a Blind SSRF via redirects in file import. The vulnerability arises because redirects are allowed during URL-based imports and the response URL isn’t validated, enabling requests to internal IPs (e.g., 127.0.0.1) despite earlier fixes that only validated DNS/internal IPs. The issue i...

5CVSS5.3AI score0.00435EPSS
cve
cve
added 2024/09/18 4:55 p.m.91 views

CVE-2024-46990

Summary: CVE-2024-46990 affects Directus where blocking localhost via the default 0.0.0.0 filter can be bypassed using other loopback addresses (e.g., 127.0.0.2–127.127.127.127). Vulnerability details (supported by connected docs): Directus real-time API and app dashboard fails to restrict access...

5CVSS5.4AI score0.00463EPSS
cve
cve
added 2024/09/10 6:43 p.m.88 views

CVE-2024-45596

Summary: Directus real-time API/dashboard contains a vulnerability where an unauthenticated user can obtain the credentials of the last authenticated user via OpenID or OAuth2 when the redirect parameter is missing. Root cause: the respond middleware caches certain GET requests, and the condition...

7.4CVSS7.6AI score0.00618EPSS
cve
cve
added 2024/05/13 7:33 p.m.84 views

CVE-2024-34708

Directus 10.x is affected by a Sensitive Information Disclosure vulnerability where a user with permission to view any collection can bypass redaction via the alias API parameter (alias[workaround]=redacted), exposing plaintext values of hashed fields. The root cause is improper handling of the a...

4.9CVSS6.7AI score0.00757EPSS
cve
cve
added 2024/05/13 7:39 p.m.83 views

CVE-2024-34709

Directus before version 10.11.0 does not invalidate session tokens on logout. The directus_session cookie is destroyed, but if the cookie value is captured, it remains valid for the token’s full expiry (1 day by default), effectively making it a long-lived, unrevokable stateless token. The issue ...

5.4CVSS5.6AI score0.0045EPSS
cve
cve
added 2022/08/19 8:40 p.m.71 views

CVE-2022-36031

Directus CVE-2022-36031 affects the Directus data platform. The issue arises when an authorized (non-admin) user with permission to update the filename_disk field on directus_files changes the value to a folder and then accesses that file via the /assets endpoint, causing the Directus process to ...

6.5CVSS6.5AI score0.00837EPSS
cve
cve
added 2023/03/07 6:20 p.m.63 views

CVE-2023-27481

CVE-2023-27481—Directus password-hash exposure risk : Directus prior to 9.16.0 allowed users with read access to the password field in directus_users to enumerate argon2 password hashes by abusing the export function with a _starts_with filter. The root cause is a permissive filtering path on has...

4.3CVSS4.8AI score0.00604EPSS
cve
cve
added 2026/04/09 4:12 p.m.36 views

CVE-2026-39943

CVE-2026-39943 (Directus) affects Directus prior to v11.17.0. The revision-snapshot path writes revisions to directus_revisions without consistently applying the prepareDelta sanitization, potentially storing sensitive fields (tokens, 2FA secrets, external auth identifiers, auth data, credentials...

6.5CVSS6AI score0.0017EPSS
cve
cve
added 2026/04/06 9:34 p.m.31 views

CVE-2026-35413

Directus CVE-2026-35413 exposes schema structure via the server_specs_graphql resolver on /graphql/system when GRAPHQL_INTROSPECTION is false. Multiple trusted sources (Directus advisories, Red Hat, OSV, Snyk, etc.) confirm that before version 11.16.1, SDL-style schema data could be retrieved by ...

5.3CVSS5.9AI score0.00314EPSS
Web
cve
cve
added 2026/04/06 9:33 p.m.29 views

CVE-2026-35411

Directus prior to 11.16.1 is vulnerable to an open redirect on the /admin/tfa-setup page via the redirect parameter. An administrator who has not configured 2FA can be presented with the legitimate 2FA setup page, and after completing setup the app redirects to an attacker‑controlled URL without ...

4.3CVSS5.9AI score0.00256EPSS
Web
cve
cve
added 2026/02/12 9:54 p.m.26 views

CVE-2026-26185

Directus before v11.14.1 is affected by a timing-based user enumeration vulnerability in the password reset flow. When an invalid reset_url is supplied, responses differ by about 500ms between existing and non-existing users, enabling enumeration of valid usernames. The issue is fixed in v11.14.1...

5.3CVSS5.7AI score0.00349EPSS
cve
cve
added 2026/04/06 9:31 p.m.26 views

CVE-2026-35409

Directus SSRF protection bypass (CVE-2026-35409) arises from inadequate normalization of IPv4-mapped IPv6 addresses in the deny-list, allowing requests to internal/private targets to bypass the IP filter in file import workflows. Affected product: Directus real-time API/dashboard; vulnerability f...

7.7CVSS5.8AI score0.00336EPSS
cve
cve
added 2026/01/08 2:32 p.m.24 views

CVE-2026-22032

Directus before v11.14.0 has an open redirect in the SAML authentication callback endpoint. The RelayState used to preserve the original destination is not validated for the callback, enabling an attacker to redirect users to an arbitrary external URL after login completion. The issue affects bot...

6.1CVSS7.2AI score0.00196EPSS
cve
cve
added 2026/04/06 9:36 p.m.23 views

CVE-2026-35441

Directus CVE-2026-35441 affects Directus up to version 11.16.x, with the GraphQL endpoints /graphql and /graphql/system failing to deduplicate resolver invocations within a single request. The vulnerability allows an authenticated user to abuse GraphQL aliasing to trigger many expensive relationa...

6.5CVSS6AI score0.00361EPSS
Web
cve
cve
added 2025/11/13 8:54 p.m.22 views

CVE-2025-64746

Directus before 11.13.0 improperly cleans up field-level permissions when a field is deleted. A stale permission reference remains in the permissions table; if a new field with the same name is created, it inherits those outdated permissions, potentially granting access to data users should not r...

5.4CVSS6.9AI score0.00187EPSS
cve
cve
added 2026/04/09 4:7 p.m.22 views

CVE-2026-39942

CVE-2026-39942 (Directus) is a path traversal/broken access control issue in the Directus file management API. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. An attacker can set filename_disk to the storage path of another user’s file, allowing...

8.8CVSS5.9AI score0.00204EPSS
Web
cve
cve
added 2026/04/06 9:32 p.m.21 views

CVE-2026-35410

CVE-2026-35410 – Directus open redirect : The vulnerability lies in Directus’ login redirection logic, where the isLoginRedirectAllowed function can misclassify malformed URLs as internal, bypassing the redirect allow-list and sending authenticated users to arbitrary external domains. Affected so...

6.1CVSS6.1AI score0.00256EPSS
cve
cve
added 2025/11/13 9:13 p.m.19 views

CVE-2025-64747

CVE-2025-64747 describes a stored XSS in Directus prior to version 11.13.0. Attackers with upload files and edit item permissions can inject JavaScript via the Block Editor interface. The technique exploits insufficient sanitization and uses an iframe with a srcdoc attribute to bypass CSP, enabli...

5.5CVSS5.5AI score0.00241EPSS
cve
cve
added 2026/04/06 9:30 p.m.19 views

CVE-2026-35408

Summary of CVE-2026-35408 (Directus): Prior to 11.17.0, Directus SSO login pages did not send COOP headers, enabling a malicious cross-origin window to access/manipulate the login page and potentially intercept/redirect the OAuth flow to an attacker-controlled client. This could lead to unauthori...

9.3CVSS5.9AI score0.00169EPSS
cve
cve
added 2026/04/06 9:36 p.m.19 views

CVE-2026-35442

CVE-2026-35442 affects Directus prior to 11.17.0, where aggregate functions (min/max) on fields with the concealed type can return raw database values instead of masked placeholders. When used with groupBy, any authenticated user with read access to the affected collection can extract concealed v...

8.1CVSS5.9AI score0.00337EPSS
cve
cve
added 2025/11/13 9:29 p.m.18 views

CVE-2025-64748

CVE-2025-64748 affects Directus (real-time API and app dashboard for SQL databases). Prior to 11.13.0, authenticated users with read permissions can search concealed/sensitive fields; while actual values are masked, matching records reveal existence of those values, enabling data enumeration. Aff...

6.5CVSS6.7AI score0.0027EPSS
cve
cve
added 2025/11/13 9:34 p.m.18 views

CVE-2025-64749

Directus REST API (version

4.3CVSS6.8AI score0.00328EPSS
Web
cve
cve
added 2026/04/06 9:33 p.m.17 views

CVE-2026-35412

Directus prior to 11.16.1 is vulnerable to an authorization bypass in the TUS resumable upload endpoint (/files/tus). The TUS controller only performs collection-level authorization on directus_files and does not validate item-level access for the target file, allowing any authenticated user with...

8.1CVSS6.1AI score0.00302EPSS
Web