CVE-2023-28443

Insertion of Sensitive Information into Log File in npm/directus

Identifiers

CVE-2023-28443, GHSA-8vg2-wf3q-mwv7

Package Slug

npm/directus

Vulnerability

Insertion of Sensitive Information into Log File

Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the directus_refresh_token is not properly redacted from log output, and a token recovered from the logs can be used to impersonate users without their permission. This issue is patched in version 9.23.3.

Affected Versions

All versions before 9.23.3

Solution

Upgrade to version 9.23.3 or above.
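
Logs written by versions before 9.23.3 may still contain the token after the upgrade. The following added example (not part of the advisory and not Directus code) scans log text for unmasked directus_refresh_token values and masks them. The cookie-style and JSON-style token forms, the placeholder strings and the sample log layout are assumptions, and the sample lines are constructed.

```javascript
// Added example (not Directus code): locate and mask directus_refresh_token
// values in log text, e.g. logs written before upgrading to 9.23.3.
const TOKEN_NAME = 'directus_refresh_token';

// Assumption: the token shows up either cookie-style (name=value) or as a
// JSON property ("name":"value"); the value ends at whitespace, ; , & or a quote.
const TOKEN_RE = new RegExp(`(${TOKEN_NAME}"?\\s*[=:]\\s*"?)([^\\s;,"'&]+)`, 'g');

// Assumption: placeholders a logger may already have written instead of the value.
const ALREADY_MASKED = new Set(['[Redacted]', '--redact--', '[REDACTED]']);
const MASK = '[REDACTED]';

function scanLog(text) {
  const findings = [];
  const cleaned = text.split('\n').map((line, idx) =>
    line.replace(TOKEN_RE, (match, prefix, value) => {
      if (ALREADY_MASKED.has(value)) return match; // nothing leaked on this match
      // Record where the leak is and how long it was, never the value itself.
      findings.push({ line: idx + 1, valueLength: value.length });
      return prefix + MASK;
    })
  ).join('\n');
  return { findings, cleaned };
}

// Constructed sample log lines; the field layout is illustrative only.
const SAMPLE_LOG = [
  '{"level":30,"req":{"method":"POST","url":"/auth/refresh","headers":{"cookie":"directus_refresh_token=EXAMPLEtokenVALUE0001; theme=dark"}}}',
  '{"level":30,"res":{"statusCode":200,"headers":{"set-cookie":["directus_refresh_token=EXAMPLEtokenVALUE0002; Max-Age=604800; HttpOnly"]}}}',
  '{"level":30,"req":{"headers":{"cookie":"directus_refresh_token=[Redacted]"}}}',
  '{"level":30,"msg":"GET /items/articles 200"}',
].join('\n');

const report = scanLog(SAMPLE_LOG);
console.log(report.findings); // line numbers and value lengths of unmasked tokens
console.log(report.cleaned);  // same log text with the token values masked
```

Each finding marks a log line where a token value was written in the clear; the scan is idempotent, so running it again over the cleaned text reports nothing.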

Last Modified

2023-03-24
