Bug 2319378 (CVE-2024-50312)
| Summary: | CVE-2024-50312 GraphQL: Information Disclosure via GraphQL Introspection in OpenShift | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | alcohan, cdaley, gkamathe, gparvin, jchui, jkoehler, ktsao, nboldt, njean, owatkins, pahickey, rhaigner, rjohnson, rtaniwa, sdawley, tkral |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |

Doc Text:

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
Description
OSIDB Bzimport
2024-10-17 14:28:08 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0115 https://access.redhat.com/errata/RHSA-2025:0115

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:0140 https://access.redhat.com/errata/RHSA-2025:0140