Improper Redaction of `directus_refresh_token` in Directus Prior to 9.23.3 Allows Unauthorized User Impersonation

CVE-2023-28443 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
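A log audit for the exposure described above, written as an added example (not Directus code or part of the original advisory). It finds `directus_refresh_token` values that reached a log unmasked and produces a cleaned copy. The log line shapes, the `[REDACTED]` mask string, and the function names are assumptions made for this example.

```javascript
// Added example: find and mask unredacted directus_refresh_token values in logs.
// Log line shapes and the mask string are assumptions made for this example.
const TOKEN_NAME = 'directus_refresh_token';
const MASK = '[REDACTED]';

// Cookie / Set-Cookie form inside a logged header string: name=value
const COOKIE_RE = new RegExp(`(${TOKEN_NAME}=)([^;\\s"\\\\]+)`, 'g');
// Parsed-cookie form logged as a JSON property: "name":"value"
const JSON_RE = new RegExp(`("${TOKEN_NAME}"\\s*:\\s*")([^"]*)(")`, 'g');

// Mask every token value in one line and report what was exposed.
function scanLine(line) {
  const hits = [];
  const note = (form, value) => {
    if (value !== MASK && value !== '') hits.push({ form, length: value.length });
  };
  const masked = line
    .replace(COOKIE_RE, (_m, pre, value) => { note('cookie', value); return pre + MASK; })
    .replace(JSON_RE, (_m, pre, value, post) => { note('json', value); return pre + MASK + post; });
  return { masked, hits };
}

// Audit a whole log: findings carry line numbers only, never the token itself,
// and the cleaned copy is safe to retain or forward.
function auditLog(text) {
  const findings = [];
  const cleaned = text.split('\n').map((line, i) => {
    const { masked, hits } = scanLine(line);
    for (const h of hits) findings.push({ line: i + 1, ...h });
    return masked;
  }).join('\n');
  return { findings, cleaned };
}

// Constructed sample log lines (not real Directus output, not real tokens).
const SAMPLE_LOG = [
  '{"level":30,"req":{"headers":{"cookie":"directus_refresh_token=CONSTRUCTED-TOKEN-AAAA; theme=dark"}}}',
  '{"level":30,"res":{"headers":{"set-cookie":"directus_refresh_token=CONSTRUCTED-TOKEN-BBBB; Path=/; HttpOnly"}}}',
  '{"level":30,"req":{"headers":{"cookie":"directus_refresh_token=[REDACTED]"}}}',
  '{"level":30,"req":{"cookies":{"directus_refresh_token":"CONSTRUCTED-TOKEN-CCCC"}}}',
  '{"level":30,"msg":"GET /items/articles 200"}',
].join('\n');

console.log(auditLog(SAMPLE_LOG).findings);
```

Each finding marks a line where a refresh token was written to the log in clear text; already-masked and token-free lines produce no finding.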
