CVE-2024-27295
Published 2024-03-01
Priority: P347 · Severity: high · CVSS 3.1 base score: 8.2
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.70% (48.6th percentile)
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| directus | directus | < 10.8.3 | 10.8.3 |
| directus | directus | >= 0 < 10.8.3 | 10.8.3 |
| monospace | directus | < 10.8.3 | 10.8.3 |
OSV
osv · 2024-03-01
CVE-2024-27295 [HIGH] Directus has MySQL accent insensitive email matching
## Password reset vulnerable to accent confusion
The password reset mechanism of the Directus backend is implemented in a way that, combined with a specific MySQL or MariaDB configuration (the author had yet to double-check whether it can be worked around), allows attackers to receive a password reset email of a victim user: the email arrives at an address similar to the victim's, with one or more characters changed to accented variants.
This is because MySQL/MariaDB are by default configured for accent-insensitive and case-insensitive string comparisons.
MySQL weak comparison:
```sql
-- With the default accent- and case-insensitive collation this comparison is true,
-- so a lookup by the accented address matches the victim's row.
select 1 from directus_users where 'julian@cure53.de' = 'julian@cüre53.de';
```
This is exploitable due to an error in the API using the supplied e
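The weak comparison above reproduced next to its accent-sensitive form. This is an added example, not code from the advisory or from Directus; the table, rows and column type are constructed, and it assumes MySQL 8 or MariaDB with the utf8mb4 character set.

```sql
-- Constructed throwaway table. With no explicit collation it inherits the
-- server default for utf8mb4: utf8mb4_0900_ai_ci on MySQL 8,
-- utf8mb4_general_ci on MariaDB. Both are accent- and case-insensitive.
CREATE TABLE users_demo (
  id    INT PRIMARY KEY,
  email VARCHAR(255) NOT NULL
) CHARACTER SET utf8mb4;

INSERT INTO users_demo (id, email) VALUES (1, 'julian@cure53.de');

-- Weak comparison: under the *_ci collation 'ü' sorts equal to 'u', so the
-- accented address selects the victim's row, which is what the reset flow
-- then uses as the recipient lookup.
SELECT id, email
FROM   users_demo
WHERE  email = 'julian@cüre53.de';

-- Query-level fix: force a binary collation on the comparison. An explicit
-- COLLATE clause wins over the column's collation, so 'ü' and 'u' no longer
-- compare equal and the accented address selects nothing.
SELECT id, email
FROM   users_demo
WHERE  email = 'julian@cüre53.de' COLLATE utf8mb4_bin;

-- Schema-level fix: make the column itself binary-collated so every
-- equality lookup on it is exact without remembering COLLATE per query.
ALTER TABLE users_demo
  MODIFY email VARCHAR(255) COLLATE utf8mb4_bin NOT NULL;

-- Same query as the weak one, now exact because of the column collation.
SELECT id, email
FROM   users_demo
WHERE  email = 'julian@cüre53.de';
```

A defensive application-side check that does not depend on the database collation is to compare the stored email with the submitted one byte-for-byte after the lookup and abort the reset on mismatch.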
GHSA
ghsa · 2024-03-01
CVE-2024-27295 [HIGH] CWE-706 Directus has MySQL accent insensitive email matching
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2024-03-01