CVE-2024-50312

CWE-200Information Exposure5 documents5 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 50.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift Container Platform
Timeline
PublishedOct 22
Latest updateOct 28

Description

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages0 packages

Also affects: Openshift Container Platform 4.0

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console2024-10-28
CVEList
Graphql: information disclosure via graphql introspection in openshift2024-10-22
GHSA
GHSA-7f25-p8gc-hxqh: A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query2024-10-22

📋Vendor Advisories

1
Red Hat
GraphQL: Information Disclosure via GraphQL Introspection in OpenShift2024-10-17
CVE-2024-50312 (MEDIUM CVSS 5.3) | A vulnerability was found in GraphQ | cvebase.io