CVE-2024-39896

Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2	Patch
https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v	Exploit Vendor Advisory
https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2	Patch
https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*

History

03 Jan 2025, 16:30

Type	Values Removed	Values Added
First Time		Monospace Monospace directus
References	~~() https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2 -~~	() https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2 - Patch
References	~~() https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v -~~	() https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v - Exploit, Vendor Advisory
CPE		cpe:2.3:a:monospace:directus::::::node.js::*
CWE		NVD-CWE-noinfo

Information

Published : 2024-07-08 18:15

Updated : 2025-01-03 16:30

NVD link : CVE-2024-39896

Mitre link : CVE-2024-39896

CVE.ORG link : CVE-2024-39896

JSON object : View

Products Affected

monospace

directus

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-39896", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-08T18:15:08.383", "references": [{"url": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a \"helpful\" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0."}, {"lang": "es", "value": "Directus es una API y un panel de aplicaciones en tiempo real para administrar el contenido de la base de datos SQL. Cuando se depende de proveedores de SSO en combinaci\u00f3n con la autenticaci\u00f3n local, es posible enumerar los usuarios de SSO existentes en la instancia. Esto es posible porque si existe una direcci\u00f3n de correo electr\u00f3nico en Directus y pertenece a un proveedor de SSO conocido, se generar\u00e1 un error \"helpful\" de que el usuario pertenece a otro proveedor. Esta vulnerabilidad se solucion\u00f3 en 10.13.0."}], "lastModified": "2025-01-03T16:30:43.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "1C808521-9592-4730-A53F-CCBA4486C092", "versionEndExcluding": "10.13.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}