Vulnerability Description
Directus is a real-time API and App dashboard for managing SQL database content. When SSO providers are used in combination with local authentication, it is possible to enumerate existing SSO users in the instance: if an email address exists in Directus and belongs to a known SSO provider, Directus throws a "helpful" error stating that the user belongs to another provider, which confirms both that the account exists and which provider it uses. This vulnerability is fixed in 10.13.0.
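The weakness is the classic distinguishable-error pattern. The following is an added illustration, not Directus code or the fix from the referenced commit: a hypothetical local-login handler that leaks the SSO provider in its error message, beside a hardened variant that returns one uniform failure response, plus a small check a maintainer could keep as a regression test. The user store, provider names and the `verifyPassword` helper are constructed sample data.

```javascript
// Constructed sample user store (hypothetical; not Directus's schema).
// 'default' stands for a local-password account, anything else for an SSO account.
const users = new Map([
  ['alice@example.com', { provider: 'google', passwordHash: null }],
  ['bob@example.com', { provider: 'default', passwordHash: 'hash-of-correct-horse' }],
]);

// Stand-in for a real password hash comparison (hypothetical helper).
function verifyPassword(user, password) {
  return user.passwordHash !== null && user.passwordHash === `hash-of-${password}`;
}

// Vulnerable pattern: distinct status codes and messages let a client tell
// "unknown email" apart from "email exists but belongs to an SSO provider".
function loginLeaky(email, password) {
  const user = users.get(email);
  if (!user) return { status: 401, message: 'Invalid user credentials.' };
  if (user.provider !== 'default') {
    // The "helpful" error: confirms the address exists and names its provider.
    return { status: 400, message: `User belongs to provider "${user.provider}".` };
  }
  if (!verifyPassword(user, password)) {
    return { status: 401, message: 'Invalid user credentials.' };
  }
  return { status: 200, message: 'ok' };
}

// Hardened pattern: every failure path returns the identical status and message.
// The real reason is recorded server-side for operators, never echoed to the client.
const GENERIC_FAILURE = Object.freeze({ status: 401, message: 'Invalid user credentials.' });
const authLog = [];

function logAuthFailure(email, reason) {
  authLog.push({ email, reason });
}

function loginUniform(email, password) {
  const user = users.get(email);
  if (!user) {
    logAuthFailure(email, 'unknown-user');
    return GENERIC_FAILURE;
  }
  if (user.provider !== 'default') {
    logAuthFailure(email, 'sso-account-local-login-attempt');
    return GENERIC_FAILURE;
  }
  if (!verifyPassword(user, password)) {
    logAuthFailure(email, 'bad-password');
    return GENERIC_FAILURE;
  }
  return { status: 200, message: 'ok' };
}

// Regression check: a handler is enumeration-safe (as far as the response body
// goes) when unknown-email, SSO-backed and wrong-password attempts all produce
// the same client-visible status and message.
function failuresAreIndistinguishable(handler) {
  const responses = [
    handler('nobody@example.com', 'x'),
    handler('alice@example.com', 'x'),
    handler('bob@example.com', 'wrong'),
  ].map((r) => `${r.status}:${r.message}`);
  return new Set(responses).size === 1;
}

module.exports = { loginLeaky, loginUniform, failuresAreIndistinguishable, authLog };
```

The check only covers the response body and status; a handler that returns early for SSO accounts can still differ measurably in response time from one that runs a password hash comparison, so a complete fix also keeps the work done on each failure path as similar as practical.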
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Monospace | Directus | < 10.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368 (Patch)
- https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v (Exploit, Vendor Advisory)
FAQ
What is CVE-2024-39896?
CVE-2024-39896 is a vulnerability with a CVSS score of 7.5 (HIGH). Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO use...
How severe is CVE-2024-39896?
CVE-2024-39896 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39896?
Check the references section above for vendor advisories and patch information. Affected products include: Monospace Directus.