CVE-2024-50312

EPSS 0.07%
Veröffentlicht 22.10.2024 14:15:19
Zuletzt bearbeitet 15.01.2025 02:15:26
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openshift Container Platform Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.215

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/errata/RHSA-2025:0115

https://access.redhat.com/errata/RHSA-2025:0140

https://access.redhat.com/security/cve/CVE-2024-50312

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Issue Tracking

https://github.com/openshift/console/pull/14409/files

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-50312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50312

EUVD