Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-50312

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

Published

2024-10-22T14:15:19.973

Last Modified

2025-01-15T02:15:26.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	4.0	Yes

References

https://access.redhat.com/errata/RHSA-2025:0115 ([email protected])
https://access.redhat.com/errata/RHSA-2025:0140 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-50312 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2319378 Issue Tracking ([email protected])
https://github.com/openshift/console/pull/14409/files Patch ([email protected])