CVE-2024-50312

Graphql: information disclosure via graphql introspection in openshift

CVSS 5.3 MEDIUMEPSS 0.5%CWE-200

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

22 out 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Red Hat · Red Hat OpenShift Container Platform 4.16 Red Hat · Red Hat OpenShift Container Platform 4.17

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2025:0115 https://access.redhat.com/errata/RHSA-2025:0140 https://access.redhat.com/security/cve/CVE-2024-50312 https://bugzilla.redhat.com/show_bug.cgi?id=2319378 https://github.com/openshift/console/pull/14409/files