漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Directus 信息泄露漏洞
Vulnerability Description
Directusv8是GlobalDirectusv8开源的一个应用系统提供了一个CMS建站系统 Directus 8.x through 8.8.1 存在安全漏洞,攻击者可利用该漏洞可以使用API用户{id}查看CMS中的所有用户。
CVSS Information
N/A
Vulnerability Type
N/A