CVE-2024-27295 - OpenCVE

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-01T15:37:09.617Z

Updated: 2024-08-28T16:24:04.094Z

Reserved: 2024-02-22T18:08:38.874Z

Link: CVE-2024-27295

Vulnrichment

Updated: 2024-08-02T00:28:00.402Z

NVD

Status : Awaiting Analysis

Published: 2024-03-01T16:15:46.227

Modified: 2024-03-01T22:22:25.913

Link: CVE-2024-27295

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27295", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-22T18:08:38.874Z", "datePublished": "2024-03-01T15:37:09.617Z", "dateUpdated": "2024-08-28T16:24:04.094Z"}, "containers": {"cna": {"title": "Directus MySQL accent insensitive email matching", "problemTypes": [{"descriptions": [{"cweId": "CWE-706", "lang": "en", "description": "CWE-706: Use of Incorrectly-Resolved Name or Reference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5"}], "affected": [{"vendor": "directus", "product": "directus", "versions": [{"version": "< 10.8.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-01T15:37:09.617Z"}, "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.\n\n"}], "source": {"advisory": "GHSA-qw9g-7549-7wg5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:28:00.402Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5"}]}, {"affected": [{"vendor": "directus", "product": "directus", "cpes": ["cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.8.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T19:45:59.512255Z", "id": "CVE-2024-27295", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T16:24:04.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:28:00.402Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27295", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T19:45:59.512255Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*"], "vendor": "directus", "product": "directus", "versions": [{"status": "affected", "version": "0", "lessThan": "10.8.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T16:23:56.269Z"}}], "cna": {"title": "Directus MySQL accent insensitive email matching", "source": {"advisory": "GHSA-qw9g-7549-7wg5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "directus", "product": "directus", "versions": [{"status": "affected", "version": "< 10.8.3"}]}], "references": [{"url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.\n\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-706", "description": "CWE-706: Use of Incorrectly-Resolved Name or Reference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-01T15:37:09.617Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27295", "state": "PUBLISHED", "dateUpdated": "2024-08-28T16:24:04.094Z", "dateReserved": "2024-02-22T18:08:38.874Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-01T15:37:09.617Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.\n\n"}, {"lang": "es", "value": "Directus es una API y un panel de aplicaciones en tiempo real para administrar el contenido de la base de datos SQL. El mecanismo de restablecimiento de contrase\u00f1a del backend de Directus permite a los atacantes recibir un correo electr\u00f3nico de restablecimiento de contrase\u00f1a de un usuario v\u00edctima, espec\u00edficamente hacer que llegue a una direcci\u00f3n de correo electr\u00f3nico similar a la de la v\u00edctima con uno o m\u00e1s caracteres modificados para usar acentos. Esto se debe al hecho de que, de forma predeterminada, MySQL/MariaDB est\u00e1n configurados para comparaciones que no distinguen acentos ni may\u00fasculas y min\u00fasculas. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 10.8.3."}], "id": "CVE-2024-27295", "lastModified": "2024-03-01T22:22:25.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-01T16:15:46.227", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-706"}], "source": "security-advisories@github.com", "type": "Secondary"}]}