Count: 3
CVE-2025-24353
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a regular user could specify an arbitrary role for the share. This allowed the user to share under a higher-privileged role and thereby see fields that their own role is not permitted to see. Affected instances are those that use the share feature, have a role hierarchy, and have fields hidden from certain roles. Version 11.2.0 contains a patch for the issue.
GHSA-pmf4-v838-29hg
Directus allows privilege escalation using Share feature
BDU:2025-05409
Vulnerability in the Directus API for managing SQL database content that allows an attacker to escalate privileges
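The flaw class described above, as an added illustrative model written for this page (it is not Directus code and not the project's actual fix): roles map to the fields they may read on a collection, a share records the role used to resolve it, and the hardened variant refuses any requested role that can read a field the sharer's own role cannot. The permission table, the sample item and all function names are constructed for the example.

```javascript
// Illustrative model of the CVE-2025-24353 flaw class (not Directus code).
// Assumption: a role is authorised to read a fixed set of fields on a
// collection, and a share is resolved using the role stored on it.

// Constructed sample permissions: fields each role may read on "employees".
const FIELD_PERMISSIONS = {
  admin: new Set(["id", "name", "salary", "ssn"]),
  editor: new Set(["id", "name"]),
  viewer: new Set(["id"]),
};

// Constructed sample item that gets shared.
const EMPLOYEE = { id: 7, name: "Ada", salary: 120000, ssn: "000-00-0000" };

// Fields the given role is allowed to read; unknown roles are rejected.
function readableFields(role) {
  const allowed = FIELD_PERMISSIONS[role];
  if (!allowed) throw new Error(`unknown role ${role}`);
  return allowed;
}

// Project an item down to the fields visible to a role.
function projectItem(item, role) {
  const allowed = readableFields(role);
  return Object.fromEntries(Object.entries(item).filter(([k]) => allowed.has(k)));
}

// Vulnerable pattern: the share's role is taken from the request as-is.
// Only existence of the role is checked, so an "editor" can ask for "admin".
function createShareVulnerable(sharer, requestedRole) {
  readableFields(requestedRole);
  return { sharer: sharer.id, role: requestedRole, item: EMPLOYEE.id };
}

// Hardened pattern: refuse a role that reads any field the sharer cannot.
// The sharer can therefore only delegate a subset of their own visibility.
function createShare(sharer, requestedRole) {
  const mine = readableFields(sharer.role);
  const theirs = readableFields(requestedRole);
  for (const field of theirs) {
    if (!mine.has(field)) {
      throw new Error(
        `role ${requestedRole} exposes field "${field}" hidden from ${sharer.role}`,
      );
    }
  }
  return { sharer: sharer.id, role: requestedRole, item: EMPLOYEE.id };
}

// Resolving a share: the recipient sees the item through the share's role.
function resolveShare(share) {
  return projectItem(EMPLOYEE, share.role);
}

// Walk through both variants with a sharer whose own role is "editor".
function demo() {
  const editor = { id: 42, role: "editor" };
  // Vulnerable path: the share resolves with admin visibility, leaking salary/ssn.
  const leaked = resolveShare(createShareVulnerable(editor, "admin"));
  // Hardened path: the same request is rejected.
  let blocked = false;
  try {
    createShare(editor, "admin");
  } catch {
    blocked = true;
  }
  // Hardened path still allows sharing with a role narrower than the sharer's.
  const ok = resolveShare(createShare(editor, "viewer"));
  return { leakedKeys: Object.keys(leaked), blocked, okKeys: Object.keys(ok) };
}

console.log(demo());
```

The check compares field sets rather than role names, so it also stays correct when a sibling role (neither above nor below the sharer in the hierarchy) is requested: any field the sharer cannot read is enough to refuse the share.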
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-24353: Directus before 11.2.0 lets a regular user pick an arbitrary, higher-privileged role when sharing an item, exposing fields hidden from their own role | CVSS3: 5 | 0% Low | about 1 year ago |
| GHSA-pmf4-v838-29hg: Directus allows privilege escalation using Share feature | CVSS3: 5 | 0% Low | about 1 year ago |
| BDU:2025-05409: Vulnerability in the Directus API for managing SQL database content that allows an attacker to escalate privileges | CVSS3: 5 | 0% Low | about 1 year ago |