Use of GET Request Method With Sensitive Query Strings in Directus - CVE-2024-28238

Published: March 12, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127097
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-28238
CWE-ID: CWE-598
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Directus
Affected software:
Directus

Detailed vulnerability description

The vulnerability allows a local privileged user to obtain sensitive information.

The vulnerability exists due to the use of the GET request method with sensitive query strings: the /files endpoint accepts a JWT passed as a query-string parameter of a GET request. A local privileged user with access to logs in which such URLs are recorded can read the session token from the query string and use it to gain access to sensitive information.

Unlike request headers or bodies, full URLs (including the query string) are routinely written to web server and proxy access logs and kept in browser history, so an active session token that travels in the query string persists in all of those places and is readable by anyone who can read them.
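The exposure described above is easy to check for in your own logs. The following is an added example, not code from Directus or from this advisory: it parses Combined Log Format access-log lines, flags any GET query parameter whose value has the shape of a JWT (three base64url segments, the first decoding to a JSON header with an "alg" member), reports the unverified "sub" and "exp" claims so an analyst can tell whose session leaked, and produces a redacted request line suitable for retention. JavaScript is used because Directus is a Node.js application. The log lines, the query parameter name "token" and the token contents are all constructed for the example; the advisory does not name the parameter.

```javascript
'use strict';

// Added example, not Directus code. Detects JWTs carried in GET query strings
// (CWE-598) in access-log lines and redacts them. All sample data is constructed.

const B64URL = /^[A-Za-z0-9_-]+$/;

// Encode an object as a base64url JSON segment (used only to build the sample token).
function b64urlJson(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Decode one JWT segment as JSON; null if it is not base64url-encoded JSON.
function decodeSegment(seg) {
  if (!B64URL.test(seg)) return null;
  try {
    const obj = JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
    return obj && typeof obj === 'object' ? obj : null;
  } catch {
    return null;
  }
}

// A value "looks like" a JWT when it has three non-empty base64url segments
// and the first one decodes to a JSON header with a string "alg" member.
function looksLikeJwt(value) {
  const parts = value.split('.');
  if (parts.length !== 3 || !parts.every((p) => p.length > 0 && B64URL.test(p))) return false;
  const header = decodeSegment(parts[0]);
  return header !== null && typeof header.alg === 'string';
}

// Combined/Common Log Format: client, timestamp, method, request target, status.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;

function parseAccessLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { client: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[5]) };
}

// Every query parameter of `target` whose value looks like a JWT, with the
// unverified claims an analyst needs to identify the exposed session.
function findJwtsInTarget(target) {
  const url = new URL(target, 'http://placeholder.invalid');
  const hits = [];
  for (const [name, value] of url.searchParams) {
    if (looksLikeJwt(value)) {
      const claims = decodeSegment(value.split('.')[1]) || {};
      hits.push({ param: name, sub: claims.sub ?? null, exp: claims.exp ?? null });
    }
  }
  return hits;
}

// The same request target with every JWT-looking query value replaced.
function redactTarget(target) {
  const url = new URL(target, 'http://placeholder.invalid');
  for (const [name, value] of [...url.searchParams]) {
    if (looksLikeJwt(value)) url.searchParams.set(name, 'REDACTED');
  }
  return url.pathname + url.search;
}

// Scan log lines and return one finding per request that carried a JWT in its query string.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const entry = parseAccessLogLine(line);
    if (!entry) continue;
    const jwts = findJwtsInTarget(entry.target);
    if (jwts.length === 0) continue;
    findings.push({ client: entry.client, method: entry.method, status: entry.status, jwts, redacted: redactTarget(entry.target) });
  }
  return findings;
}

// Constructed sample token (fake signature) and log lines; not real traffic.
const SAMPLE_JWT = [
  b64urlJson({ alg: 'HS256', typ: 'JWT' }),
  b64urlJson({ sub: 'user-42', exp: 1710288000 }),
  'Y29uc3RydWN0ZWQtc2lnbmF0dXJl',
].join('.');

const SAMPLE_LOG = [
  `10.0.0.5 - - [12/Mar/2024:10:15:32 +0000] "GET /files/abc123?token=${SAMPLE_JWT} HTTP/1.1" 200 5123`,
  `10.0.0.5 - - [12/Mar/2024:10:15:40 +0000] "GET /files/abc123 HTTP/1.1" 403 0`,
  `10.0.0.9 - - [12/Mar/2024:10:16:01 +0000] "GET /items/articles?sort=a.b.c HTTP/1.1" 200 812`,
];

for (const finding of scanLog(SAMPLE_LOG)) console.log(JSON.stringify(finding));
```

The `sort=a.b.c` line is there deliberately: a dotted value with three segments is not a token unless its first segment decodes to a JSON header, which is what keeps the check from flagging ordinary dotted field paths. The redacted form is what you would keep if the log must be retained; the original line, once the token is known to be in it, should be treated as a credential and the session it belongs to should be revoked.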


How to mitigate CVE-2024-28238

Install the security update from the vendor's website.

Sources