{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45596", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-02T16:00:02.423Z", "datePublished": "2024-09-10T18:43:33.413Z", "dateUpdated": "2024-09-10T19:20:32.884Z"}, "containers": {"cna": {"title": "Directus's session is cached for OpenID and OAuth2 if `redirect` is not used", "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "lang": "en", "description": "CWE-524: Use of Cache Containing Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8"}, {"name": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b", "tags": ["x_refsource_MISC"], "url": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"}, {"name": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52", "tags": ["x_refsource_MISC"], "url": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"}], "affected": [{"vendor": "directus", "product": "directus", "versions": [{"version": "< 10.13.3", "status": "affected"}, {"version": ">= 11.0.0, < 11.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-10T18:43:33.413Z"}, "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0."}], "source": {"advisory": "GHSA-cff8-x7jv-4fm8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T19:20:20.595959Z", "id": "CVE-2024-45596", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T19:20:32.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T19:20:20.595959Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T19:20:28.230Z"}}], "cna": {"title": "Directus's session is cached for OpenID and OAuth2 if `redirect` is not used", "source": {"advisory": "GHSA-cff8-x7jv-4fm8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "directus", "product": "directus", "versions": [{"status": "affected", "version": "< 10.13.3"}, {"status": "affected", "version": ">= 11.0.0, < 11.1.0"}]}], "references": [{"url": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8", "name": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b", "name": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52", "name": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-10T18:43:33.413Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45596", "state": "PUBLISHED", "dateUpdated": "2024-09-10T19:20:32.884Z", "dateReserved": "2024-09-02T16:00:02.423Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-10T18:43:33.413Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0."}, {"lang": "es", "value": "Directus es una API en tiempo real y un panel de control de aplicaciones para administrar el contenido de bases de datos SQL. Un usuario no autenticado puede acceder a las credenciales del \u00faltimo usuario autenticado a trav\u00e9s de OpenID u OAuth2 donde la URL de autenticaci\u00f3n no inclu\u00eda una cadena de consulta de redireccionamiento. Esto sucede porque en ese endpoint, tanto para OpenID como para OAuth2, Directus usa el middleware de respuesta, que de manera predeterminada intentar\u00e1 almacenar en cach\u00e9 las solicitudes GET que cumplieron con algunas condiciones. Sin embargo, esas condiciones no incluyen este escenario, cuando una solicitud no autenticada devuelve las credenciales del usuario. Esta vulnerabilidad se corrigi\u00f3 en 10.13.3 y 11.1.0."}], "id": "CVE-2024-45596", "lastModified": "2024-09-11T16:26:11.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-10T19:15:22.303", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"}, {"source": "security-advisories@github.com", "url": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"}, {"source": "security-advisories@github.com", "url": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}