Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade @directus/api to version 21.0.1, 22.2.0 or higher.
@directus/api is a real-time API and App dashboard for managing SQL database content.

Affected versions of this package are vulnerable to Session Fixation via the respond middleware. An attacker can access credentials of the last authenticated user that attempted to authenticate via SSO link without a redirect query string in the URL.
- Create a new Directus project
- Set CACHE_ENABLED to true
- Set CACHE_STORE to redis for reliable results (if using memory with multiple nodes, it may only happen sometimes, because the cache differs between nodes)
- Configure REDIS with a redis connection string, or with redis host, port, user, etc.
- Set AUTH_PROVIDERS to openid
- Set PUBLIC_URL to the main URL of your project. For example, PUBLIC_URL: http://localhost:8055
- Configure AUTH_OPENID_CLIENT_ID, AUTH_OPENID_CLIENT_SECRET and AUTH_OPENID_ISSUER_URL with proper OpenID configurations
- Be sure that on the OpenID external app you have configured the Redirect URI to http://localhost:8055/auth/login/openid/callback
- Run Directus
- Open the SSO link like http://localhost:8055/auth/login/openid/callback
- Do the authentication on the OpenID external webpage
- Verify that you got redirected to a page with a JSON including an access_token property
- Be sure all anonymous mode windows are closed
- Open an anonymous window and go to the SSO link http://localhost:8055/auth/login/openid/callback and see you have the same credentials, even though you don't have any session because you are in anonymous mode.