CVE-2021-26595

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link Resource
https://github.com/sgranel/directusv8 Exploit Third Party Advisory
https://github.com/sgranel/directusv8 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://github.com/sgranel/directusv8 - Exploit, Third Party Advisory () https://github.com/sgranel/directusv8 - Exploit, Third Party Advisory

07 Nov 2023, 03:31

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Information

Published : 2021-02-23 19:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26595

Mitre link : CVE-2021-26595

CVE.ORG link : CVE-2021-26595


JSON object : View

Products Affected

rangerstudio

  • directus
CWE
CWE-312

Cleartext Storage of Sensitive Information