Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Directus Information Disclosure Vulnerability
Vulnerability Description
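Directusv8 is an open-source application system from GlobalDirectusv8 that provides a CMS site-building system. Directus 8.x through 8.8.1 contains a security vulnerability that an attacker can exploit to view all users in the CMS using the API /users/{id}.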
CVSS Information
N/A
Vulnerability Type
N/A