CVE-2021-26595 — MEDIUM (5.3)

Q: How severe is CVE-2021-26595?

CVE-2021-26595 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-26595?

Check the references section above for vendor advisories and patch information. Affected products include: Rangerstudio Directus.

Vulnerability Description

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rangerstudio	Directus	>= 8.0.0, <= 8.8.1

Related Weaknesses (CWE)

CWE-312

References

https://github.com/sgranel/directusv8ExploitThird Party Advisory
https://github.com/sgranel/directusv8ExploitThird Party Advisory

FAQ

What is CVE-2021-26595?

CVE-2021-26595 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the ...

How severe is CVE-2021-26595?

CVE-2021-26595 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26595?

Check the references section above for vendor advisories and patch information. Affected products include: Rangerstudio Directus.