CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)
Directus is vulnerable to sensitive information disclosure. The vulnerability is due to insecure handling of version information: the exact version number is included in compiled JS bundles that are accessible without authentication. An attacker can use this information to identify and target known vulnerabilities in Directus core or its dependencies that are specific to the running version.