Information Disclosore

2023-03-2805:26:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

directus

vulnerability

logger.ts

information disclosure

sensitive information

EPSS

Percentile

15.5%

JSON

directus is vulnerable to Information Disclosure. The vulnerability exists due to pinoHTTP in logger.ts because the directus_refresh_token is not properly redacted which allows an attacker to gain sensitive information through the log files.

References

github.com/advisories/GHSA-8vg2-wf3q-mwv7

github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13

github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc

github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7

EPSS

Percentile

15.5%

JSON

Related for VERACODE:39969