CVE-2024-39896
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-39896 is a vulnerability affecting Directus, a real-time API and App dashboard for managing SQL database content. The issue arises when Directus is configured to use Single Sign-On (SSO) providers in conjunction with local authentication. An attacker can potentially enumerate existing SSO users by exploiting Directus' behavior of revealing a "helpful" error message when an email address belonging to an SSO provider is detected. This error disclosure can reveal sensitive information about the affected instance, posing a security risk. Directus has addressed this issue in version 10.13.0.
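The behavior described in the summary, as an added JavaScript example that is not Directus code: the user store, function names, provider name and error codes are all constructed for illustration. It contrasts a local-login handler that returns a distinct error for SSO-owned emails with one that answers every failed login identically, and adds a regression check that counts distinguishable failure responses.

```javascript
// Constructed user store: one local account and one account provisioned via SSO.
// Plaintext passwords are used only to keep the sample short; a real store holds
// password hashes and compares them in constant time.
const USERS = new Map([
  ["local@example.com", { provider: "default", password: "correct-horse" }],
  ["sso@example.com", { provider: "example-idp", password: null }],
]);

// Leaky pattern: a "helpful" error tells the caller the email belongs to an SSO user.
function loginLeaky(email, password) {
  const user = USERS.get(email);
  if (user && user.provider !== "default") {
    return { status: 400, code: "USE_SSO_PROVIDER" }; // hypothetical error code
  }
  if (!user || user.password !== password) {
    return { status: 401, code: "INVALID_CREDENTIALS" };
  }
  return { status: 200, code: "OK" };
}

// Hardened pattern: unknown email, wrong password and SSO-owned email all
// produce the same response on the local login path.
function loginUniform(email, password) {
  const user = USERS.get(email);
  const ok = Boolean(user) && user.provider === "default" && user.password === password;
  return ok
    ? { status: 200, code: "OK" }
    : { status: 401, code: "INVALID_CREDENTIALS" };
}

// Regression check: submit a wrong password for an unknown, a local and an SSO
// email, and return the set of distinct responses. More than one distinct
// response means the handler lets a caller tell account types apart.
function failureResponses(login) {
  const probes = ["nobody@example.com", "local@example.com", "sso@example.com"];
  return new Set(probes.map((email) => JSON.stringify(login(email, "wrong-password"))));
}

console.log("leaky handler, distinct failure responses:", failureResponses(loginLeaky).size);
console.log("uniform handler, distinct failure responses:", failureResponses(loginUniform).size);
```

The check compares response bodies and status codes only; response timing differences between the three cases need a separate measurement.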