Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28239

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-12 Mar, 2024 | 20:23
Updated At-22 Aug, 2024 | 20:47
Rejected At-
Credits

URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:12 Mar, 2024 | 20:23
Updated At:22 Aug, 2024 | 20:47
Rejected At:
▼CVE Numbering Authority (CNA)
URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Products
Vendor
directus
Product
directus
Versions
Affected
  • < 10.10.0
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
x_refsource_CONFIRM
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
x_refsource_MISC
https://docs.directus.io/reference/authentication.html#login-using-sso-providers
x_refsource_MISC
Hyperlink: https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Resource:
x_refsource_MISC
Hyperlink: https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
x_refsource_CONFIRM
x_transferred
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
x_refsource_MISC
x_transferred
https://docs.directus.io/reference/authentication.html#login-using-sso-providers
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
monospace
Product
directus
CPEs
  • cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 10.10.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:12 Mar, 2024 | 21:15
Updated At:03 Jan, 2025 | 16:17

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
monospace
monospace
>>directus>>Versions before 10.10.0(exclusive)
cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-601Secondarysecurity-advisories@github.com
CWE-601Primarynvd@nist.gov
CWE ID: CWE-601
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-601
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.directus.io/reference/authentication.html#login-using-sso-providerssecurity-advisories@github.com
Product
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203security-advisories@github.com
Patch
https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7psecurity-advisories@github.com
Exploit
Vendor Advisory
https://docs.directus.io/reference/authentication.html#login-using-sso-providersaf854a3a-2127-422b-91ae-364da2661108
Product
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7paf854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
Hyperlink: https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Source: security-advisories@github.com
Resource:
Product
Hyperlink: https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2021-23384
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:45
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.

Action-Not Available
Vendor-koa-remove-trailing-slashes_projectn/a
Product-koa-remove-trailing-slasheskoa-remove-trailing-slashes
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-11269
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-4.2||MEDIUM
EPSS-6.69% / 90.86%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 14:46
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirector in spring-security-oauth2

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-spring_security_oauthbanking_corporate_lendingSpring Security OAuth
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2015-10112
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.72%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 08:00
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooFramework Branding Plugin wooframework-branding.php admin_screen_logic redirect

A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.

Action-Not Available
Vendor-n/aWooCommerce
Product-wooframework_brandingWooFramework Branding Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-37830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.

Action-Not Available
Vendor-getoutlinen/agetoutline
Product-outlinen/aoutline
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4037
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.44%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 19:45
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in OAuth2 Proxy

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0.

Action-Not Available
Vendor-oauth2_proxy_projectOAuth2 Proxy
Product-oauth2_proxyOAuth2 Proxy
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-25154
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.33%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 20:05
Updated-16 Apr, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.

Action-Not Available
Vendor-B. Braun
Product-spacecomdatamodule_compactplusSpaceComData module compactplusBattery pack with Wi-Fi
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found