CVE-2021-26595

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Link Resource
https://github.com/sgranel/directusv8 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-23 19:15

Updated : 2024-08-03 21:15


NVD link : CVE-2021-26595

Mitre link : CVE-2021-26595

CVE.ORG link : CVE-2021-26595


JSON object : View

Products Affected

rangerstudio

  • directus
CWE
CWE-312

Cleartext Storage of Sensitive Information