GitHub_MVULNRICHMENT:CVE-2024-39896CVE-2024-39896 Directus allows SSO User Enumeration
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a “helpful” error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:monospace:directus:9.11.0:*:*:*:*:node.js:*:*"
],
"vendor": "monospace",
"product": "directus",
"versions": [
{
"status": "affected",
"version": "9.11.0",
"lessThan": "10.13.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial