CVE-2024-6534: Authorization Bypass Through User-Controlled Key in Directus

Severity
5.4 MEDIUM (NVD headline score)
Scores by source: NVD 4.3, GHSA 4.3, OSV 4.3
EPSS
0.1% (top 82.06%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
See "Affected Packages" below
Timeline
Published: Aug 15
Latest update: Jan 23

Description

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user and reassign them to another user. This is possible because the application validates the user parameter only in the 'POST /presets' request that creates a preset, not in the PATCH request that updates an existing one, so an owner can change the preset's user field to any other account. When chained with CVE-2024-6533, it could result in account takeover.
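The following is an added illustration of the authorization gap described above, not code from Directus or from the advisory. It models a presets service in plain JavaScript with an in-memory store: the create path enforces that a non-admin actor may only assign a preset to themselves, the vulnerable update path checks that the actor owns the row but never re-validates an incoming user field, and the hardened update path applies the same rule as create. The class name PresetsService, the method names, the actor objects and the adminAccess flag are assumptions made for the example; the sample actors and payloads are constructed.

```javascript
// Added example for CVE-2024-6534 (not Directus code). Models a presets
// endpoint where ownership of the `user` field is validated on create but,
// in the vulnerable update, not on PATCH. All names here are assumptions.

// Constructed sample actors: two regular users and one admin.
const alice = { id: 'user-alice', adminAccess: false };
const bob   = { id: 'user-bob',   adminAccess: false };
const admin = { id: 'user-admin', adminAccess: true };

class PresetsService {
  constructor() { this.rows = new Map(); this.nextId = 1; }

  // POST /presets analogue: a non-admin may only create presets for
  // themselves (or omit `user`, which defaults to the actor).
  create(actor, body) {
    this.#assertUserAssignable(actor, body.user);
    const id = this.nextId++;
    const row = {
      id,
      user: body.user ?? actor.id,
      collection: body.collection ?? null,
      layout: body.layout ?? 'tabular',
    };
    this.rows.set(id, row);
    return { ...row };
  }

  // Vulnerable PATCH analogue: confirms the actor owns the row, then merges
  // the patch blindly, so the owner can hand the preset to another user.
  updateVulnerable(actor, id, patch) {
    const row = this.#loadOwned(actor, id);
    Object.assign(row, patch);
    return { ...row };
  }

  // Hardened PATCH analogue: re-run the create-time check whenever the
  // patch tries to change `user`, so the authorization rule is the same
  // on both verbs. Admins are still allowed to reassign.
  updateFixed(actor, id, patch) {
    const row = this.#loadOwned(actor, id);
    if ('user' in patch) this.#assertUserAssignable(actor, patch.user);
    Object.assign(row, patch);
    return { ...row };
  }

  get(id) { const r = this.rows.get(id); return r ? { ...r } : null; }

  // Object-level check: non-admins may only touch rows they own.
  #loadOwned(actor, id) {
    const row = this.rows.get(id);
    if (!row) throw new Error('not found');
    if (!actor.adminAccess && row.user !== actor.id) throw new Error('forbidden');
    return row;
  }

  // Field-level check: non-admins may not point a preset at someone else.
  #assertUserAssignable(actor, user) {
    if (actor.adminAccess) return;
    if (user !== undefined && user !== null && user !== actor.id) {
      throw new Error('forbidden: non-admin cannot assign a preset to another user');
    }
  }
}

// Runs both paths with the same actor and returns the observable outcomes.
function demo() {
  const vuln = new PresetsService();
  const p = vuln.create(alice, { collection: 'articles' });
  // Alice re-points her own preset at Bob; the vulnerable update accepts it.
  const hijacked = vuln.updateVulnerable(alice, p.id, { user: bob.id, layout: 'cards' });

  const fixed = new PresetsService();
  const q = fixed.create(alice, { collection: 'articles' });
  let blocked = false;
  try { fixed.updateFixed(alice, q.id, { user: bob.id }); }
  catch (e) { blocked = /forbidden/.test(e.message); }
  // Non-ownership fields are still editable by the owner after the fix.
  const ok = fixed.updateFixed(alice, q.id, { layout: 'cards' });

  return {
    hijackedOwner: hijacked.user,
    blocked,
    fixedOwner: fixed.get(q.id).user,
    fixedLayout: ok.layout,
  };
}

console.log(JSON.stringify(demo()));
```

The point to take from the example is that an ownership check on the row (the actor may edit this preset) is not the same as a validation of the values being written into it (the actor may set user to this value). A PATCH that passes the first but skips the second is exactly the pattern the description reports, and the fix is to apply the field-level rule on every verb that can write the field.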

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4 (this vector yields a base score of 4.3)

Affected Packages (3 packages)

Source      Package              Affected versions
npm         directus/directus    < 10.13.2 (+2)
CVEListV5   directus/directus    10.13.0
NVD         monospace/directus   10.13.0

Vulnerability Details (6)

Date        Source  Advisory
2025-01-23  OSV     Directus has a DOM-Based cross-site scripting (XSS) via layout_options
2025-01-23  GHSA    Directus has a DOM-Based cross-site scripting (XSS) via layout_options
2024-08-27  GHSA    Directus has an insecure object reference via PATH presets
2024-08-27  OSV     Directus has an insecure object reference via PATH presets
2024-08-15  OSV     Duplicate Advisory: Code injection in Directus