Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directus's conceal fields are searchable if read permissions enabled
Vulnerability Description
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
Directus 安全漏洞
Vulnerability Description
Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 11.13.0之前版本存在安全漏洞,该漏洞源于允许认证用户搜索敏感字段,可能导致敏感数据枚举攻击。
CVSS Information
N/A
Vulnerability Type
N/A