GHSA-vw58-ph65-6rxp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vw58-ph65-6rxp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vw58-ph65-6rxp/GHSA-vw58-ph65-6rxp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vw58-ph65-6rxp
- Aliases
- Published
- 2025-04-14T15:20:40Z
- Modified
- 2025-04-14T15:20:41Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Directus inserts access token from query string into logs
- Details
-
Summary
Access token from query string is not redacted and is potentially exposed in system logs which may be persisted.
Details
The access token in
req.queryis not redacted when theLOG_STYLEis set toraw. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation.PoC
- Set
LOG_LEVEL="raw"in the environment. - Send a request with the
access_tokenin the query string. - Notice that the
access_tokeninreq.queryis not redacted.
Impact
It impacts systems where the
LOG_STYLEis set toraw. Theaccess_tokenin the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. - Set
- Database specific
{ "nvd_published_at": "2024-10-08T18:15:31Z", "cwe_ids": [ "CWE-532" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-14T15:20:40Z" }- References
Affected packages
npm / @directus/api
Package
- Name
- @directus/api
- View open source insights on deps.dev
- Purl
- pkg:npm/%40directus/api