CVE-2024-28238

low-risk
Published 2024-03-12

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Monospace

References (2)

Vendor Advisory https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677
Vendor Advisory https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677
15
/ 100
low-risk
Severity 10/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal