CVE-2024-27295

CVSS v3 Score: 8.2 (High)

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a victim user's password reset email: the email is delivered to an address that resembles the victim's but has one or more characters changed to accented variants. This happens because MySQL/MariaDB are configured by default for accent-insensitive and case-insensitive string comparison, so the lookalike address matches the victim's row. This vulnerability is fixed in version 10.8.3.
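To see the collation problem and a mitigation side by side, here is an added example that is not Directus's own code: it emulates an accent- and case-insensitive collation (as MySQL/MariaDB use by default) in SQLite, then contrasts a reset flow that mails the address from the request with one that requires an exact code-point match and only ever mails the stored address. The table name, user row and the specific hardening are assumptions for illustration, not the exact patch shipped in 10.8.3.

```python
import sqlite3
import unicodedata


def _fold(s: str) -> str:
    """Strip accents (combining marks) and case so 'víctim' == 'VICTIM'."""
    decomposed = unicodedata.normalize("NFKD", s)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()


def accent_insensitive(a: str, b: str) -> int:
    """SQLite collation callback emulating a *_ci accent-insensitive collation."""
    fa, fb = _fold(a), _fold(b)
    return (fa > fb) - (fa < fb)


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one user table whose email column
    compares with the accent/case-insensitive collation above."""
    conn = sqlite3.connect(":memory:")
    conn.create_collation("AI_CI", accent_insensitive)
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT COLLATE AI_CI)"
    )
    conn.execute("INSERT INTO users (email) VALUES (?)", ("victim@example.com",))
    return conn


def lookup_user(conn: sqlite3.Connection, email: str):
    # Equality here is evaluated under the column's collation, so an
    # accented lookalike address matches the stored row.
    return conn.execute(
        "SELECT id, email FROM users WHERE email = ?", (email,)
    ).fetchone()


def reset_target_vulnerable(conn: sqlite3.Connection, requested_email: str):
    """Vulnerable pattern: find the row via the collation, then mail the
    address that came in with the request."""
    row = lookup_user(conn, requested_email)
    return requested_email if row else None


def reset_target_fixed(conn: sqlite3.Connection, requested_email: str):
    """Hardened pattern (assumed fix): require an exact match with the stored
    address after the lookup and deliver only to the stored address."""
    row = lookup_user(conn, requested_email)
    if row is None or row[1] != requested_email:
        return None
    return row[1]
```

Running both functions with the lookalike address (an accented "í") shows the vulnerable variant returning the attacker-supplied address while the hardened variant refuses it.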
