CVE-2024-50312

Sažetak

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

Reference

https://access.redhat.com/errata/RHSA-2025:0115
https://access.redhat.com/errata/RHSA-2025:0140
https://access.redhat.com/security/cve/CVE-2024-50312
https://bugzilla.redhat.com/show_bug.cgi?id=2319378
https://github.com/openshift/console/pull/14409/files

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

15-01-2025 - 02:15

Objavljeno

22-10-2024 - 14:15