PRIOn Logo

CVE-2024-34708 Design/Logic Flaw

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0.

CWE: CWE-200
CVSS v2-
CVSS v34.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References
https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx
https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b
Affected Vendors

Directus - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Design/Logic Flaw

CVSS Scores as calculated by PRIOnengine
CVSS v24
AV:N/AC:L/AU:S/C:P/I:N/A:N
CVSS v36.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
MITRE CWE Top 25

Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-19 - SQL Injection