What is CVE-2024-45596?

CVE-2024-45596 is a high-severity vulnerability in Directus, classified under Use of Cache Containing Sensitive Information. CVSS score: 7.4/10. Published 2024-09-10.

How severe is CVE-2024-45596?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Directus

CVE-2024-45596

Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query str…

EPSS: 0.008 (73.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Directus — versions < 10.13.3, >= 11.0.0, < 11.1.0

Weakness classification (CWE)

CWE-524 — Use of Cache Containing Sensitive Information

References

https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8 (x_refsource_CONFIRM)
https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b (x_refsource_MISC)
https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-45596?: CVE-2024-45596 is a high-severity vulnerability in Directus, classified under Use of Cache Containing Sensitive Information. CVSS score: 7.4/10. Published 2024-09-10.
How severe is CVE-2024-45596?: High severity. CVSS v3 base score is 7.4 out of 10.