How severe is CVE-2024-28238?

This vulnerability has a severity rating of LOW with a CVSS score of 2.3 out of 10.

What type of vulnerability is CVE-2024-28238?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-28238 - LOW Severity | CVSS 2.3

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2015-7884

LOW

CVSS:2.3(Low)

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive i...

CWE-2002015

CVE-2015-7885

LOW

CVSS:2.3(Low)

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive informat...

CWE-2002015

CVE-2015-8569

LOW

CVSS:2.3(Low)

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information f...

CWE-2002015

CVE-2017-8118

LOW

CVSS:2.3(Low)

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

CWE-2002017

CVE-2020-0029

LOW

CVSS:2.3(Low)

In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution...

CWE-2002020

CVE-2021-3923

LOW

CVSS:2.3(Low)

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniban...

CWE-2002021