John Hillegass

1 exploit Active since Mar 2023
CVE-2023-28443 WRITEUP MEDIUM WRITEUP
Directus < 9.23.3 - Unauthenticated Token Exposure via Log Output
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
CVSS 4.2