Licitdev

Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows with the WebHook trigger, all incoming request details, including security-sensitive data like access and refresh tokens in cookies, are logged. Malicious administrators with access to the logs can hijack user sessions within the token expiration time after triggering the Flow. Recommendations: Update to Directus version 11.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** Directus versions 9.12.0 through 11.8.9 **Description** Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the items provided as payload to the Flow. This can lead to the Flow executing potential tasks on an attacker's behalf without authentication. Bad actors could execute the manual trigger Flows without authentication or access rights to the said collection(s) or item(s). Manual trigger Flows do not currently validate if the user has read access to `directus flows` or to the relevant collection/items. **Recommendations** Update to version 11.9.0 or later. Implement permission checks for read access to Flows. Implement permission checks for read access to relevant collection/items.

**Name of the Vulnerable Software and Affected Versions** Directus versions prior to 10.13.2 **Description** The issue concerns the exposure of access tokens from query strings in system logs, potentially allowing an attacker to gain administrative control and access to unauthorized data. This occurs when the `LOG STYLE` is set to `raw`, causing the `access token` in `req.query` to be logged without redaction. The `access token` could be a long-lived static token, increasing the risk. If system logs are not properly sanitized or protected, an attacker with access to them can exploit this issue. **Recommendations** For versions prior to 10.13.2, upgrade to release version 10.13.2 or subsequent releases to patch the vulnerability. As a temporary workaround, consider setting the `LOG STYLE` to a value other than `raw` to prevent the logging of access tokens in plain text. Rotate static tokens if they were provided using query strings to minimize the risk of exploitation. Restrict access to system logs to prevent unauthorized parties from obtaining potentially exposed access tokens.