Lucene search
Veracode Vulnerability DatabaseVERACODE:35005HistoryApr 07, 2022 - 5:25 a.m.
Insecure Defaults
2022-04-0705:25:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
directus
software security
insecure defaults
cors settings
unauthorized access
EPSS
0.002
Percentile
57.7%
directus is using insecure defaults. The use of default CORS settings in the Record function of env.ts which are very permissive for uncontrolled environments allows an attacker to access unauthorized resources in the system.
References
developer.mozilla.org/en-US/docs/Web/HTTP/CORS
github.com/advisories/GHSA-g27j-74fp-xfpr
github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
github.com/directus/directus/commit/826404bcbe769f9bcd526baec41e696237b78ebb
github.com/directus/directus/pull/12022
github.com/directus/directus/releases/tag/v9.7.0
Related
prion
prion
Default configuration
2022-12-26 06:15:00
github
github
Insecure default value for CORS configuration
2022-04-05 18:31:22
nvd
nvd
CVE-2022-26969
2022-12-26 06:15:10
osv
osv
CVE-2022-26969
2022-12-26 06:15:10
Insecure default value for CORS configuration
2022-04-05 18:31:22
cvelist
cvelist
CVE-2022-26969
2022-12-26 00:00:00
cve
cve
CVE-2022-26969
2022-12-26 06:15:10