Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not properly redacted from log output and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-23T23:13:58.299Z
Updated: 2023-03-23T23:13:58.299Z
Reserved: 2023-03-15T15:59:10.056Z
Link: CVE-2023-28443
NVD Information
Status: Analyzed
Published: 2023-03-24T00:15:15.553
Modified: 2023-03-29T14:29:09.287
Link: CVE-2023-28443