VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-b8ya-2bmn-e3h5

Essentials
Severities (19)
References (7)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-b8ya-2bmn-e3h5
Aliases	CVE-2023-28443 GHSA-8vg2-wf3q-mwv7
Summary	Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-284	Improper Access Control
CWE-532	Insertion of Sensitive Information into Log File
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2023-28443
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2023-28443
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2023-28443
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2023-28443
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8vg2-wf3q-mwv7
cvssv3.1	4.2	https://github.com/directus/directus
generic_textual	MODERATE	https://github.com/directus/directus
cvssv3.1	4.2	https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13
generic_textual	MODERATE	https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13
ssvc	Track	https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13
cvssv3.1	4.2	https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc
generic_textual	MODERATE	https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc
ssvc	Track	https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc
cvssv3.1	4.2	https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7
cvssv3.1_qr	MODERATE	https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7
generic_textual	MODERATE	https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7
ssvc	Track	https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7
cvssv3.1	4.2	https://nvd.nist.gov/vuln/detail/CVE-2023-28443
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-28443

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-28443
		https://github.com/directus/directus
		https://nvd.nist.gov/vuln/detail/CVE-2023-28443
349536303983ccba68ecb3e4fb35315424011afc		https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc
GHSA-8vg2-wf3q-mwv7		https://github.com/advisories/GHSA-8vg2-wf3q-mwv7
GHSA-8vg2-wf3q-mwv7		https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7
logger.ts#L13		https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/directus/directus

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/ Found at https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/ Found at https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/ Found at https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28443

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19287
EPSS Score	0.00061
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:22:19.873707+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/28xxx/CVE-2023-28443.json	38.6.0