Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
References
Configurations
History
21 Nov 2024, 07:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13 - Vendor Advisory | |
References | () https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc - Patch | |
References | () https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.2 |
29 Mar 2023, 14:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | (MISC) https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc - Patch | |
References | (MISC) https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13 - Vendor Advisory | |
References | (MISC) https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7 - Exploit, Vendor Advisory |
24 Mar 2023, 01:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-24 00:15
Updated : 2024-11-21 07:55
NVD link : CVE-2023-28443
Mitre link : CVE-2023-28443
CVE.ORG link : CVE-2023-28443
JSON object : View
Products Affected
monospace
- directus