CVE-2019-13983

9.8 CRITICAL

📋 TL;DR

CVE-2019-13983 is a critical authentication vulnerability in Directus 7 API that allows attackers to bypass rate limiting and perform credential stuffing or brute force attacks due to insufficient anti-automation controls. This affects all users of Directus 7 API versions before 2.2.2. Attackers can exploit this to compromise user accounts and gain unauthorized access to the system.

💻 Affected Systems

Products:
  • Directus 7 API
Versions: All versions before 2.2.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability exists in the authentication endpoints.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through credential stuffing leading to admin account takeover, data exfiltration, and lateral movement within the environment.

🟠 Likely Case

User account compromise leading to unauthorized data access, privilege escalation, and potential data manipulation.

🟢 If Mitigated

Limited impact with proper monitoring and rate limiting in place, but still vulnerable to sophisticated attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and can be automated with simple scripts. Public GitHub issues demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.2

Vendor Advisory: https://github.com/directus/api/issues/991

Restart Required: Yes

Instructions:

1. Back up your Directus installation.
2. Update to Directus 7 API version 2.2.2 or later.
3. Restart the Directus service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Implement Web Application Firewall (WAF) Rules (applies to: all)

Configure the WAF to enforce rate limiting on the authentication endpoints.

Add Custom Rate Limiting Middleware (applies to: all)

Implement custom rate limiting for the /auth endpoints.
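The custom rate limiting workaround above, as an added example that is not Directus project code: a sliding-window limiter for login attempts keyed on both the source IP and the target account, so credential stuffing spread across many IPs is still throttled per account. The Express-style wrapper assumes `req.ip` and `req.body.email` are available (an assumption, not a Directus API detail).

```javascript
// Added example (not Directus project code): sliding-window limiter for login
// attempts. Failures are counted per source IP *and* per target account, so a
// distributed credential-stuffing run against one account trips the limit even
// though each IP stays under its own budget. The `now` hook is injectable so the
// window can be driven by a fake clock in tests.
function createAuthLimiter({ maxFailures = 5, windowMs = 15 * 60 * 1000, now = Date.now } = {}) {
  const failures = new Map(); // key -> array of failure timestamps (ms)

  // Drop timestamps older than the window and return how many remain.
  function recent(key) {
    const t = now();
    const kept = (failures.get(key) || []).filter((ts) => t - ts < windowMs);
    failures.set(key, kept);
    return kept.length;
  }

  const acctKey = (account) => `acct:${String(account).toLowerCase()}`;

  return {
    // True when either the IP or the account has exhausted its failure budget.
    isBlocked(ip, account) {
      return recent(`ip:${ip}`) >= maxFailures || recent(acctKey(account)) >= maxFailures;
    },
    recordFailure(ip, account) {
      const t = now();
      for (const key of [`ip:${ip}`, acctKey(account)]) {
        failures.set(key, [...(failures.get(key) || []), t]);
      }
    },
    // A successful login clears the account's counter but not the IP's, so a
    // valid login from an attacking host does not reset that host's budget.
    recordSuccess(account) {
      failures.delete(acctKey(account));
    },
  };
}

// Express-style middleware (assumed shape: req.ip, req.body.email): reject with
// 429 before the credentials are even checked when the limiter is tripped.
function authRateLimit(limiter) {
  return function (req, res, next) {
    const account = (req.body && req.body.email) || '';
    if (limiter.isBlocked(req.ip, account)) {
      return res.status(429).json({ error: 'Too many login attempts, try again later' });
    }
    return next();
  };
}
```

Call `recordFailure` from the login handler on a bad password and `recordSuccess` on a good one; the limiter state is in-process, so a multi-node deployment needs a shared store behind the same interface.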

🧯 If You Can't Patch

  • Implement strong password policies and multi-factor authentication
  • Monitor authentication logs for brute force patterns and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check the Directus version: if you are running Directus 7 API version < 2.2.2, you are vulnerable.

Check Version:

Check Directus configuration or package.json for version information

Verify Fix Applied:

Verify Directus version is 2.2.2 or later and test authentication endpoints for rate limiting

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from single IP
  • Unusual authentication patterns
  • High volume of POST requests to /auth endpoints

Network Indicators:

  • High volume of authentication requests
  • Traffic patterns indicating automated attacks

SIEM Query:

source="directus" AND (uri_path="/auth" OR uri_path="/auth/*") AND status=401 | stats count by src_ip

🔗 References
