CVE-2023-28443

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-28443

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28443.json

Aliases

GHSA-8vg2-wf3q-mwv7

Published

2023-03-24T00:15:15Z

Modified

2023-11-29T10:04:11.165703Z

Details

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the directus_refresh_token is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.

References

Affected packages

Git / github.com/directus/directus

Affected ranges

Type: GIT
Repo: https://github.com/directus/directus
Events: Introduced

0The exact introduced commit is unknown

Fixed

349536303983ccba68ecb3e4fb35315424011afc

Affected versions

v9.*

v9.0.0

v9.0.0-alpha.10

v9.0.0-alpha.11

v9.0.0-alpha.12

v9.0.0-alpha.13

v9.0.0-alpha.14

v9.0.0-alpha.15

v9.0.0-alpha.16

v9.0.0-alpha.17

v9.0.0-alpha.18

v9.0.0-alpha.19

v9.0.0-alpha.20

v9.0.0-alpha.21

v9.0.0-alpha.22

v9.0.0-alpha.23

v9.0.0-alpha.24

v9.0.0-alpha.25

v9.0.0-alpha.26

v9.0.0-alpha.27

v9.0.0-alpha.31

v9.0.0-alpha.32

v9.0.0-alpha.33

v9.0.0-alpha.34

v9.0.0-alpha.35

v9.0.0-alpha.36

v9.0.0-alpha.37

v9.0.0-alpha.38

v9.0.0-alpha.39

v9.0.0-alpha.4

v9.0.0-alpha.40

v9.0.0-alpha.41

v9.0.0-alpha.42

v9.0.0-alpha.5

v9.0.0-alpha.6

v9.0.0-alpha.7

v9.0.0-alpha.8

v9.0.0-alpha.9

v9.0.0-beta.0

v9.0.0-beta.1

v9.0.0-beta.10

v9.0.0-beta.11

v9.0.0-beta.12

v9.0.0-beta.13

v9.0.0-beta.14

v9.0.0-beta.2

v9.0.0-beta.3

v9.0.0-beta.4

v9.0.0-beta.5

v9.0.0-beta.7

v9.0.0-beta.8

v9.0.0-beta.9

v9.0.0-rc.0

v9.0.0-rc.1

v9.0.0-rc.10

v9.0.0-rc.100

v9.0.0-rc.101

v9.0.0-rc.11

v9.0.0-rc.12

v9.0.0-rc.13

v9.0.0-rc.14

v9.0.0-rc.15

v9.0.0-rc.17

v9.0.0-rc.18

v9.0.0-rc.19

v9.0.0-rc.2

v9.0.0-rc.20

v9.0.0-rc.21

v9.0.0-rc.22

v9.0.0-rc.23

v9.0.0-rc.24

v9.0.0-rc.25

v9.0.0-rc.26

v9.0.0-rc.27

v9.0.0-rc.28

v9.0.0-rc.29

v9.0.0-rc.3

v9.0.0-rc.30

v9.0.0-rc.31

v9.0.0-rc.32

v9.0.0-rc.33

v9.0.0-rc.34

v9.0.0-rc.35

v9.0.0-rc.36

v9.0.0-rc.37

v9.0.0-rc.38

v9.0.0-rc.39

v9.0.0-rc.4

v9.0.0-rc.40

v9.0.0-rc.41

v9.0.0-rc.42

v9.0.0-rc.43

v9.0.0-rc.44

v9.0.0-rc.45

v9.0.0-rc.46

v9.0.0-rc.47

v9.0.0-rc.48

v9.0.0-rc.49

v9.0.0-rc.5

v9.0.0-rc.50

v9.0.0-rc.51

v9.0.0-rc.52

v9.0.0-rc.53

v9.0.0-rc.54

v9.0.0-rc.55

v9.0.0-rc.56

v9.0.0-rc.57

v9.0.0-rc.58

v9.0.0-rc.59

v9.0.0-rc.6

v9.0.0-rc.60

v9.0.0-rc.61

v9.0.0-rc.62

v9.0.0-rc.63

v9.0.0-rc.64

v9.0.0-rc.65

v9.0.0-rc.66

v9.0.0-rc.67

v9.0.0-rc.68

v9.0.0-rc.69

v9.0.0-rc.7

v9.0.0-rc.70

v9.0.0-rc.71

v9.0.0-rc.72

v9.0.0-rc.73

v9.0.0-rc.74

v9.0.0-rc.75

v9.0.0-rc.76

v9.0.0-rc.77

v9.0.0-rc.78

v9.0.0-rc.79

v9.0.0-rc.8

v9.0.0-rc.80

v9.0.0-rc.81

v9.0.0-rc.82

v9.0.0-rc.83

v9.0.0-rc.84

v9.0.0-rc.85

v9.0.0-rc.86

v9.0.0-rc.87

v9.0.0-rc.88

v9.0.0-rc.89

v9.0.0-rc.9

v9.0.0-rc.90

v9.0.0-rc.91

v9.0.0-rc.92

v9.0.0-rc.93

v9.0.0-rc.94

v9.0.0-rc.95

v9.0.0-rc.96

v9.0.0-rc.97

v9.0.0-rc.98

v9.0.0-rc.99

v9.0.0-y.0

v9.0.1

v9.1.0

v9.1.1

v9.1.2

v9.10.0

v9.11.0

v9.11.1

v9.12.0

v9.12.1

v9.12.2

v9.13.0

v9.14.1

v9.14.2

v9.14.3

v9.14.4

v9.14.5

v9.15.0

v9.15.1

v9.16.0

v9.16.1

v9.17.0

v9.17.1

v9.17.2

v9.17.3

v9.17.4

v9.18.0

v9.18.1

v9.19.0

v9.19.1

v9.19.2

v9.2.0

v9.2.1

v9.2.2

v9.20.0

v9.20.1

v9.20.2

v9.20.3

v9.20.4

v9.21.0

v9.21.1

v9.21.2

v9.22.0

v9.22.1

v9.22.2

v9.22.3

v9.22.4

v9.23.0

v9.23.1

v9.23.2

v9.3.0

v9.4.0

v9.4.1

v9.4.2

v9.4.3

v9.5.0

v9.5.1

v9.5.2

v9.6.0

v9.7.0

v9.7.1

v9.8.0

v9.9.0

v9.9.1