Vulnerabilities > CVE-2024-39896 - Unspecified vulnerability in Monospace Directus

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
monospace
NVD
Published: 2024-07-08
Updated: 2025-01-03

Summary

Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.

Vulnerable Configurations

Part Description Count
Application
Monospace
334

References