CVE-2024-28238Sensitive Information Exposure in Directus

CWE-200Sensitive Information ExposureCWE-598Use of GET Request Method With Sensitive Query Strings3 documents3 sources
Severity
2.3LOWNVD
EPSS
0.1%
top 74.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
DirectusMonospace Directus
Timeline
PublishedMar 12

Description

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5directus/directus< 10.10.0
npmdirectus/directus< 10.10.0
NVDmonospace/directus< 10.10.0

🔴Vulnerability Details

2
GHSA
Session Token in URL in directus2024-03-12
OSV
Session Token in URL in directus2024-03-12