Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directus 10.13.0 - Insecure object reference via PATH presets
Vulnerability Description
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Directus 安全漏洞
Vulnerability Description
Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 10.13.0版本存在安全漏洞,该漏洞源于允许经过身份验证的外部攻击者修改同一用户创建的预设以将其分配给另一个用户,从而导致帐户接管。
CVSS Information
N/A
Vulnerability Type
N/A