CVE-2024-50312

EPSS 0.07%
Published 22.10.2024 14:15:19
Last modified 15.01.2025 02:15:26
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Container Platform Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.215

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/errata/RHSA-2025:0115

https://access.redhat.com/errata/RHSA-2025:0140

https://access.redhat.com/security/cve/CVE-2024-50312

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Issue Tracking

https://github.com/openshift/console/pull/14409/files

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-50312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50312

EUVD