CVE-2024-39896

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 8, 2024
Updated: Jul 9, 2024
CWE ID 200

Summary

CVE-2024-39896 is a vulnerability affecting Directus, a real-time API and App dashboard for managing SQL database content. The issue arises when Directus is configured to use Single Sign-On (SSO) providers in conjunction with local authentication. An attacker can potentially enumerate existing SSO users because Directus reveals a "helpful" error message when a login attempt uses an email address belonging to an SSO provider. This error disclosure can reveal sensitive information about the affected instance, posing a security risk. Directus has addressed this issue in version 10.13.0.
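The failure mode described above, as an added JavaScript illustration (constructed here; it is not Directus code and not the fix shipped in 10.13.0): a login handler in the vulnerable shape beside one that returns a uniform error, plus the check a defender can run against a handler to tell whether it leaks account existence. The user table, messages and function names are assumptions.

```javascript
// Constructed user table: local users carry a password, SSO users only a provider.
// (Illustration only; a real store keeps password hashes, never plaintext.)
const USERS = [
  { email: 'alice@example.com', provider: 'local', password: 'correct horse' },
  { email: 'bob@example.com', provider: 'google' }, // registered via SSO only
];

function findUser(email) {
  return USERS.find((u) => u.email.toLowerCase() === email.toLowerCase());
}

// Vulnerable pattern: a distinct, "helpful" message for SSO-registered emails.
// Because it differs from the unknown-user response, it acts as an oracle
// for which addresses exist.
function loginVulnerable(email, password) {
  const user = findUser(email);
  if (!user) return { ok: false, error: 'Invalid user credentials.' };
  if (user.provider !== 'local') {
    return { ok: false, error: `Please log in with ${user.provider}.` };
  }
  if (user.password !== password) return { ok: false, error: 'Invalid user credentials.' };
  return { ok: true, email: user.email };
}

// Hardened pattern: every failure path returns the identical response; the SSO
// hint goes to a server-side log for support staff instead of to the client.
// (Response timing should also be equalised, which this sketch does not do.)
function loginHardened(email, password, log = () => {}) {
  const user = findUser(email);
  const fail = { ok: false, error: 'Invalid user credentials.' };
  if (!user) return fail;
  if (user.provider !== 'local') {
    log(`login attempt for SSO-only account (provider=${user.provider})`);
    return fail;
  }
  if (user.password !== password) return fail;
  return { ok: true, email: user.email };
}

// Defender's check: does the handler answer differently for an SSO-registered
// address than for one that does not exist? True means an oracle is present.
function leaksAccountExistence(login) {
  const sso = login('bob@example.com', 'wrong');
  const unknown = login('nobody@example.com', 'wrong');
  return sso.error !== unknown.error;
}
```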
