Lucene search
Veracode Vulnerability DatabaseVERACODE:47975HistoryJul 09, 2024 - 6:35 a.m.
Improper Access Control
2024-07-0906:35:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
directus
vulnerability
improper access control
handling
operators
attacker
query expressions
empty arrays
unauthorized access
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
6.6
Confidence
High
directus is vulnerable to Improper Access Control. The vulnerability is due to improper handling of _in and _nin operators, which allows an attacker to query expressions with empty arrays, which are evaluated as valid, resulting in unauthorized access.
Related
osv
osv
Directus incorrectly handles `_in` filter
2024-07-08 18:37:54
nvd
nvd
CVE-2024-39701
2024-07-08 17:15:11
github
github
Directus incorrectly handles `_in` filter
2024-07-08 18:37:54
cvelist
cvelist
CVE-2024-39701 Directus Incorrectly handles _in` filter
2024-07-08 16:43:01
vulnrichment
vulnrichment
CVE-2024-39701 Directus Incorrectly handles _in` filter
2024-07-08 16:43:01
cve
cve
CVE-2024-39701
2024-07-08 17:15:11
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
6.6
Confidence
High
Related for VERACODE:47975