CVE-2024-28239 — Open Redirect in Directus

CWE-601 — Open Redirect3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Directus Monospace Directus

Timeline

PublishedMar 12

Description

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5directus/directus< 10.10.0

▶npmdirectus/directus< 10.10.0

▶NVDmonospace/directus< 10.10.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

URL Redirection to Untrusted Site in OAuth2/OpenID in directus↗2024-03-12

▶

GHSA

URL Redirection to Untrusted Site in OAuth2/OpenID in directus↗2024-03-12

▶