CVE-2024-47822

Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/directus/directus/commit/2e893f9c576d5a02506272fe2c0bcc12e6c58768
https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*

History

14 Apr 2025, 12:15

Type	Values Removed	Values Added
References		() https://github.com/directus/directus/commit/2e893f9c576d5a02506272fe2c0bcc12e6c58768 -

03 Jan 2025, 16:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:monospace:directus::::::node.js::*
References	~~() https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp -~~	() https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp - Exploit, Vendor Advisory
First Time		Monospace Monospace directus

Information

Published : 2024-10-08 18:15

Updated : 2025-04-14 12:15

NVD link : CVE-2024-47822

Mitre link : CVE-2024-47822

CVE.ORG link : CVE-2024-47822

JSON object : View

Products Affected

monospace

directus

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-47822", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}]}, "published": "2024-10-08T18:15:31.170", "references": [{"url": "https://github.com/directus/directus/commit/2e893f9c576d5a02506272fe2c0bcc12e6c58768", "source": "security-advisories@github.com"}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Directus es una API en tiempo real y un panel de control de aplicaciones para administrar el contenido de bases de datos SQL. Los tokens de acceso de las cadenas de consulta no se eliminan y pueden quedar expuestos en registros del sistema que pueden persistir. El token de acceso en `req.query` no se elimina cuando `LOG_STYLE` se establece en `raw`. Si estos registros no se desinfectan o protegen adecuadamente, un atacante con acceso a ellos puede potencialmente obtener control administrativo, lo que lleva al acceso y manipulaci\u00f3n de datos no autorizados. Esto afecta a los sistemas donde `LOG_STYLE` se establece en `raw`. El `access_token` en la consulta podr\u00eda ser potencialmente un token est\u00e1tico de larga duraci\u00f3n. Los usuarios con sistemas afectados deben rotar sus tokens est\u00e1ticos si se les proporcionaron mediante una cadena de consulta. Esta vulnerabilidad se ha corregido en la versi\u00f3n de lanzamiento 10.13.2 y versiones posteriores tambi\u00e9n. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}], "lastModified": "2025-04-14T12:15:14.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "995104A5-7032-4BC1-9E90-ABE8E13DC287", "versionEndExcluding": "10.13.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}