Количество 2
Количество 2
CVE-2023-28443
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
GHSA-8vg2-wf3q-mwv7
directus vulnerable to Insertion of Sensitive Information into Log File
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28443 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. | CVSS3: 4.2 | 0% Низкий | почти 3 года назад |
| GHSA-8vg2-wf3q-mwv7 directus vulnerable to Insertion of Sensitive Information into Log File | CVSS3: 4.2 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу