Security Advisory

CVE-2024-6534

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-15 03:10:46

Last updated 2025-05-19 18:13:11

Assigner Fluid Attacks

State PUBLISHED

Description

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the POST /presets request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.

← Browse all CVEs View on cve.org ↗