Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3trx-stq1-fkbf
Vulnerability ID VCID-3trx-stq1-fkbf
Aliases CVE-2024-28239
GHSA-fr3w-2p22-6w7p
Summary URL Redirection to Untrusted Site in OAuth2/OpenID in directus ### Summary The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example. ### Details There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`, which I think is here: https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L394. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. ### PoC Turn on any auth provider in Directus instance. Form a link to `directus-instance/auth/login/:provider_id?redirect=http://malicious-fishing-site.com`, login and get taken to malicious-site. Tested on the `ory` OAuth2 integration. ### Impact Users who login via OAuth2 into Directus.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-28239
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-28239
cvssv3.1 5.4 https://docs.directus.io/reference/authentication.html#login-using-sso-providers
generic_textual MODERATE https://docs.directus.io/reference/authentication.html#login-using-sso-providers
ssvc Track https://docs.directus.io/reference/authentication.html#login-using-sso-providers
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fr3w-2p22-6w7p
cvssv3.1 5.4 https://github.com/directus/directus
generic_textual MODERATE https://github.com/directus/directus
cvssv3.1 5.4 https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
generic_textual MODERATE https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
ssvc Track https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
cvssv3.1 5.4 https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
cvssv3.1_qr MODERATE https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
generic_textual MODERATE https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
ssvc Track https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2024-28239
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-28239
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-28239
https://docs.directus.io/reference/authentication.html#login-using-sso-providers
https://github.com/directus/directus
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
CVE-2024-28239 https://nvd.nist.gov/vuln/detail/CVE-2024-28239
GHSA-fr3w-2p22-6w7p https://github.com/advisories/GHSA-fr3w-2p22-6w7p
GHSA-fr3w-2p22-6w7p https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/ Found at https://docs.directus.io/reference/authentication.html#login-using-sso-providers
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/directus/directus
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/ Found at https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/ Found at https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-28239
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.45866
EPSS Score 0.0023
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:47:21.297952+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/directus/CVE-2024-28239.yml 38.6.0