CVE-2025-53889: Directus Missing Oauth Transport Scope
A request handler in Directus validates the basic accountability fields (user, role, admin) but does not check the OAuth-specific restrictions that apply to the token it was given. Without that check an attacker can bypass the intended limits by reusing a token outside the context it was issued for, or by exploiting CSRF when the token is accepted from a query parameter or cookie with no validation of how it was delivered. Ensure proper transport (`tokenSource`
greprules fetch cve-2025-53889-directus-missing-oauth-transport-scope --engine opengrep
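The pattern the description names, as an added illustration that is neither Directus's code nor the rule's own test case: an Express-style handler builds an accountability object that records the channel the token arrived on (`tokenSource`) next to user/role/admin, a weak authorizer that looks only at the identity fields (the flaw the rule is after), and a strict authorizer that rejects query-string tokens outright and refuses cookie-carried tokens on state-changing requests from a foreign Origin. The function names, the `session_token` cookie and `access_token` query parameter, the token table, `ALLOWED_ORIGIN` and the three sample requests are assumptions made for this example.

```javascript
// Added illustration, not Directus code: accountability that records where the
// token came from, and two authorizers, one that ignores that (the flaw the rule
// looks for) and one that binds its decision to it.

const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Assumed front-end origin allowed to perform cookie-authenticated writes.
const ALLOWED_ORIGIN = 'https://app.example.com';

// Constructed token table standing in for the real token lookup.
const TOKENS = new Map([
  ['tok-editor', { user: 'u-1', role: 'editor', admin: false }],
  ['tok-admin', { user: 'u-2', role: 'admin', admin: true }],
]);

// Pull the token from the request and record which channel carried it.
// Assumes lower-cased header names and pre-parsed cookies, as an Express app
// using cookie-parser would present them (assumption, not Directus internals).
function extractToken(req) {
  const header = req.headers?.authorization ?? '';
  const m = /^Bearer\s+(\S+)$/i.exec(header);
  if (m) return { token: m[1], tokenSource: 'header' };
  if (req.query?.access_token) return { token: req.query.access_token, tokenSource: 'query' };
  if (req.cookies?.session_token) return { token: req.cookies.session_token, tokenSource: 'cookie' };
  return { token: null, tokenSource: null };
}

// Accountability = who the caller is plus how they proved it.
function buildAccountability(req) {
  const { token, tokenSource } = extractToken(req);
  const identity = token ? TOKENS.get(token) : undefined;
  return identity
    ? { ...identity, tokenSource }
    : { user: null, role: null, admin: false, tokenSource };
}

// Weak authorizer: checks user/role/admin only. A token leaked into a URL, or a
// cookie the browser attached to a cross-site form post, is treated exactly like
// a deliberately sent Bearer header.
function authorizeWeak(acc, req) {
  if (!acc.user) return { ok: false, reason: 'unauthenticated' };
  if (req.path.startsWith('/admin/') && !acc.admin) return { ok: false, reason: 'forbidden' };
  return { ok: true, reason: null };
}

function sameOrigin(req) {
  // A missing Origin counts as foreign: browsers send it on cross-site writes,
  // and non-browser clients should be using the Authorization header anyway.
  return req.headers?.origin === ALLOWED_ORIGIN;
}

// Strict authorizer: same identity checks, plus the decision is bound to transport.
function authorizeStrict(acc, req) {
  const base = authorizeWeak(acc, req);
  if (!base.ok) return base;
  if (acc.tokenSource === 'query') {
    // Query-string tokens end up in logs, referrers and history; never accept them.
    return { ok: false, reason: 'token in query string not accepted' };
  }
  if (acc.tokenSource === 'cookie' && STATE_CHANGING.has(req.method) && !sameOrigin(req)) {
    // The cookie is attached regardless of who built the request: classic CSRF.
    return { ok: false, reason: 'cookie-authenticated write from foreign origin' };
  }
  return { ok: true, reason: null };
}

// Evaluate one request under both authorizers so the difference is visible.
function decide(req) {
  const acc = buildAccountability(req);
  return { acc, weak: authorizeWeak(acc, req), strict: authorizeStrict(acc, req) };
}

// Constructed requests: a cross-site POST riding on the session cookie, a GET
// with the token in the URL, and a proper Bearer-authenticated write.
const csrfWrite = {
  method: 'POST', path: '/items/articles',
  headers: { origin: 'https://evil.example' }, query: {},
  cookies: { session_token: 'tok-editor' },
};
const queryToken = {
  method: 'GET', path: '/items/articles',
  headers: {}, query: { access_token: 'tok-editor' }, cookies: {},
};
const bearerWrite = {
  method: 'POST', path: '/items/articles',
  headers: { authorization: 'Bearer tok-editor' }, query: {}, cookies: {},
};

for (const [name, req] of Object.entries({ csrfWrite, queryToken, bearerWrite })) {
  const d = decide(req);
  console.log(name, 'source:', d.acc.tokenSource, 'weak:', d.weak.ok, 'strict:', d.strict.ok, d.strict.reason ?? '');
}
```

The weak authorizer accepts all three requests because the identity behind `tok-editor` is valid in every case; only the strict one notices that the first two tokens arrived on channels an attacker can drive. The same-origin cookie write still passes, so the hardening does not break the legitimate SPA flow.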