How severe is CVE-2024-45596?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-45596?

This is classified as CWE-524, which is a common weakness in software security.

CVE-2024-45596 - HIGH Severity | CVSS 7.4

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0.

Related Vulnerabilities

CVE-2021-24027

HIGH

CVSS:7.5(High)

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read ca...

CWE-5242021

CVE-2023-37486

HIGH

CVSS:7.5(High)

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successfu...

CWE-5242023

CVE-2024-27917

HIGH

CVSS:7.5(High)

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are ...

CWE-5242024

CVE-2024-12314

HIGH

CVSS:7.2(High)

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible...

CWE-5242024

CVE-2024-41906

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service....

CWE-5242024

CVE-2022-32909

MEDIUM

CVSS:5.5(Medium)

The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data.

CWE-5242022