Lucene search

Veracode Vulnerability DatabaseVERACODE:46886

HistoryMay 14, 2024 - 6:29 a.m.

Sensitive Information Disclosure

2024-05-1406:29:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

directus vulnerability

plaintext data

retrieval

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

directus is vulnerable to an Sensitive Information Disclosure. The vulnerability is due to inadequate filtering of hashed data when using the alias API, allowing users to retrieve sensitive information in plaintext that is normally redacted.

CPENameOperatorVersion
directusle10.10.7
directusle10.10.7

CPE	Name	Operator	Version
	directus	le	10.10.7
	directus	le	10.10.7

References

github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b

github.com/directus/directus/pull/22332

github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VERACODE:46886