CVE-2024-50311

CWE-770 — Allocation without Limits CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 51.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform

Timeline

PublishedOct 22

Description

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages0 packages

Also affects: Openshift Container Platform 4.0

🔴Vulnerability Details

CVEList

Graphql: denial of service (dos) vulnerability via graphql batching↗2024-10-22

▶

GHSA

GHSA-gmjx-74cx-5p3f: A denial of service (DoS) vulnerability was found in OpenShift↗2024-10-22

▶

📋Vendor Advisories

Red Hat

GraphQL: Denial of Service (DoS) vulnerability via GraphQL Batching↗2024-10-17

▶