Directus
Monthly
Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.
Authenticated file overwrite vulnerability in Directus < 11.17.0 allows low-privileged users to corrupt arbitrary files by manipulating the filename_disk parameter in PATCH /files/{id} requests. Attackers can overwrite other users' file content and forge metadata fields (e.g., uploaded_by) to hide evidence of tampering. Requires authenticated access (PR:L). Scope change (S:C) indicates potential cross-tenant impact. No public exploit identified at time of analysis.
Directus versions before 11.14.1 contain a timing-based side-channel vulnerability in the password reset function that allows unauthenticated attackers to enumerate valid user accounts by measuring response time differences when submitting invalid reset URLs. The approximately 500ms variance between responses for existing versus non-existing users enables reliable, remote user discovery without authentication. A patch is available in version 11.14.1 and later.
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Directus is a real-time API and App dashboard for managing SQL database content. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.
Authenticated file overwrite vulnerability in Directus < 11.17.0 allows low-privileged users to corrupt arbitrary files by manipulating the filename_disk parameter in PATCH /files/{id} requests. Attackers can overwrite other users' file content and forge metadata fields (e.g., uploaded_by) to hide evidence of tampering. Requires authenticated access (PR:L). Scope change (S:C) indicates potential cross-tenant impact. No public exploit identified at time of analysis.
Directus versions before 11.14.1 contain a timing-based side-channel vulnerability in the password reset function that allows unauthenticated attackers to enumerate valid user accounts by measuring response time differences when submitting invalid reset URLs. The approximately 500ms variance between responses for existing versus non-existing users enables reliable, remote user discovery without authentication. A patch is available in version 11.14.1 and later.
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Directus is a real-time API and App dashboard for managing SQL database content. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.