
CVE-2024-34709 Design/Logic Flaw

Routine
Remediate Within 6 Months

CVE Information

Original CVE data


Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens behave like the other JWT tokens: they are not actually invalidated when logging out. The `directus_session` record gets destroyed and the cookie gets deleted, but if the cookie value has been captured it will still work for the entire expiry time, which is set to 1 day by default, making it effectively a long-lived, unrevokable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0.

CWE: CWE-613
CVSS v2: -
CVSS v3: 5.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
References
https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3
https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf
Affected Vendors

Directus - (1)

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Design/Logic Flaw

CVSS Scores as calculated by PRIOnengine
CVSS v2: 5
AV:N/AC:L/AU:N/C:P/I:N/A:N
CVSS v3: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submitted vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-19 - SQL Injection