6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27481

GHSA ID

GHSA-m5q3-8wgf-x8xf

EPSS Score

0.4401%

CWE

CWE-200

Published

3/8/2023

Updated

3/26/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-27481

CVE-2023-27481: Directus vulnerable to extraction of password hashes through export querying

Impact

Users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a _starts_with filter. This allows the user to enumerate the password hashes.

Patches

The problem has been patched by preventing any hashed/concealed field to be filtered against with the _starts_with or other string operator.

Workarounds

Ensuring that no user has read access to the password field in directus_users is sufficient to prevent this vulnerability.

For more information

If you have any questions or comments about this advisory:

Open a Discussion in directus/directus
Email us at security@directus.io

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-27481

CVE-2023-27481:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27481

GHSA ID

GHSA-m5q3-8wgf-x8xf

EPSS Score

0.4401%

CWE

CWE-200

Published

3/8/2023

Updated

3/26/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
directus	npm	< 9.16.0	9.16.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key points: 1) Filter processing logic allowing string operators on hashed fields, and 2) GraphQL type definitions not properly restricting operators for concealed fields. The patches in PR#14829 and PR#15010 explicitly address these by introducing operator allow-list checks and specialized GraphQLHash types. While exact function names aren't visible in diffs, the pattern matches Directus' architecture where items service handles filtering and GraphQL types define field capabilities. The combination of these two components being improperly configured would directly enable the described hash extraction attack.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-27481: Directus vulnerable to extraction of password hashes through export querying

Impact

Patches

Workarounds

For more information

CVE-2023-27481:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

6.5

6.5

CVE-2023-27481: Directus vulnerable to extraction of password hashes through export querying

Impact

Patches

Workarounds

For more information

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI