#VU127108 Inclusion of Sensitive Information in Log Files in Directus - CVE-2024-47822

 


Published: October 8, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127108
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47822
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Directus
Software vendor: Directus

Description

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to the insertion of sensitive information into log files by request query logging: when raw logging is enabled and a request carries an access token in the query string, the token is written to the log. A local privileged user can send a request containing an access token in the query string to disclose sensitive information.

Only instances with LOG_STYLE set to raw are vulnerable. User interaction is required.
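The following is an added example, not code from this advisory or from Directus: a log audit that finds access tokens exposed through the query string in raw logs, reports which lines are affected so the tokens can be rotated, and produces a redacted copy. It assumes one JSON object per log line with the request under `req` (`req.url`, optional `req.query`) and a query parameter named `access_token`; the placeholder text and sample lines are constructed.

```javascript
// Added example. Assumed log shape (not taken from the advisory): one JSON
// object per line, request under `req`, with `req.url` and optional `req.query`.
const TOKEN_PARAM = 'access_token';
const REDACTED = '--redacted--';

// Replace the token value in a raw URL while leaving other parameters untouched.
function redactUrl(url, found) {
  const q = url.indexOf('?');
  if (q === -1) return url;
  const pairs = url.slice(q + 1).split('&').map((pair) => {
    const eq = pair.indexOf('=');
    if (eq === -1) return pair;
    let key = pair.slice(0, eq);
    try { key = decodeURIComponent(key); } catch { /* keep raw key */ }
    const value = pair.slice(eq + 1);
    if (key !== TOKEN_PARAM || value === '' || value === REDACTED) return pair;
    found.add(value);
    return pair.slice(0, eq + 1) + REDACTED;
  });
  return url.slice(0, q + 1) + pairs.join('&');
}

// Returns redacted log text plus one finding per line that exposed a token.
function auditRawLog(text) {
  const findings = [];
  const out = text.split('\n').map((line, i) => {
    let entry;
    try { entry = JSON.parse(line); } catch { return line; } // non-JSON line: pass through
    const req = entry && entry.req;
    if (!req || typeof req !== 'object') return line;
    const found = new Set();
    if (typeof req.url === 'string') req.url = redactUrl(req.url, found);
    const q = req.query;
    if (q && typeof q === 'object' && typeof q[TOKEN_PARAM] === 'string' && q[TOKEN_PARAM] !== REDACTED) {
      found.add(q[TOKEN_PARAM]);
      q[TOKEN_PARAM] = REDACTED;
    }
    if (found.size === 0) return line;
    // Report a short hint only, so the audit output does not leak the token again.
    findings.push({ line: i + 1, hints: [...found].map((t) => t.slice(0, 4) + '...') });
    return JSON.stringify(entry);
  });
  return { redacted: out.join('\n'), findings };
}

// Constructed sample lines, not real Directus output.
const SAMPLE_LOG = [
  '{"level":30,"req":{"method":"GET","url":"/items/articles?limit=5&access_token=CONSTRUCTED123","query":{"limit":"5","access_token":"CONSTRUCTED123"}}}',
  '{"level":30,"req":{"method":"GET","url":"/server/ping"}}',
  'plain text line',
].join('\n');
```

Any token reported by the audit should be treated as exposed and rotated, since redacting the log does not undo earlier reads of it.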


Remediation

Install the security update from the vendor's website.
