Description

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range which will block access to any `127.X.X.X` ip instead of just `127.0.0.1`.

INFO

Published Date :

2024-09-18T16:55:24.255Z

Last Modified :

2024-09-18T18:19:24.086Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46990 vulnerability.

Vendors Products
Directus
  • Directus
Monospace
  • Directus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46990.

URL Resource
https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b cve-icon cve-icon
https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52 cve-icon cve-icon
https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff cve-icon cve-icon
https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431 cve-icon cve-icon
https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact