Bug 2319378 (CVE-2024-50312) - CVE-2024-50312 GraphQL: Information Disclosure via GraphQL Introspection in OpenShift
Keywords:
Status: NEW
Alias: CVE-2024-50312
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-10-17 14:28 UTC by OSIDB Bzimport
Modified: 2025-01-15 00:51 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2025:0115 | 0 | None | None | None | 2025-01-14 09:52:53 UTC
Red Hat Product Errata | RHSA-2025:0140 | 0 | None | None | None | 2025-01-15 00:51:18 UTC

Description OSIDB Bzimport 2024-10-17 14:28:08 UTC
In GraphQL, an information leak vulnerability has been observed while interacting with the GraphQL API.
Users or unauthorized actors can view information about all available queries and mutations in the server's response. This type of information can provide an attacker with numerous opportunities to identify vulnerabilities and processing errors.
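
A request-side check for the introspection exposure described above, as an added example: it is not code from this bug report, from OpenShift, or from the errata. It flags JSON GraphQL request bodies (single or batched) that use the `__schema` or `__type` meta-fields, for use in a gateway filter or audit-log review; the sample bodies and the `pods` and `search` field names are constructed.

```python
import json
import re

# GraphQL lexical elements that can contain a name: comments, block strings,
# strings, and bare names. Alternation order matters (block string before string).
_TOKEN = re.compile(
    r'#[^\n\r]*'
    r'|"""(?:\\"""|[\s\S])*?"""'
    r'|"(?:\\.|[^"\\\n])*"'
    r'|(?P<name>[_A-Za-z][_0-9A-Za-z]*)'
)
# Schema-revealing meta-fields. __typename is left out: clients use it routinely
# and it reveals nothing beyond the type of an object already returned.
BLOCKED = {"__schema", "__type"}


def introspection_fields(document: str) -> set[str]:
    """Return blocked meta-fields used as names, ignoring strings and comments."""
    return {m.group("name") for m in _TOKEN.finditer(document)
            if m.group("name") in BLOCKED}


def is_introspection_request(body: bytes) -> bool:
    """True if any operation in a JSON GraphQL request (single or batched) introspects."""
    try:
        payload = json.loads(body)
    except ValueError:
        return False  # not JSON; leave rejection to the server's own validation
    operations = payload if isinstance(payload, list) else [payload]
    for op in operations:
        query = op.get("query") if isinstance(op, dict) else None
        if isinstance(query, str) and introspection_fields(query):
            return True
    return False


# Constructed sample request bodies; the "pods" and "search" fields are hypothetical.
SAMPLES = {
    "schema dump": rb'{"query": "query { __schema { queryType { fields { name } } } }"}',
    "batched type lookup": rb'[{"query": "{ pods { name } }"}, {"query": "{ __type(name: \"Pod\") { name } }"}]',
    "normal query": rb'{"query": "{ pods { name __typename } }"}',
    "string mention": rb'{"query": "{ search(text: \"__schema\") { id } }"}',
    "comment mention": rb'{"query": "{ pods { name } } # __schema"}',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:20} introspection={is_introspection_request(body)}")
```

The scan is deliberately conservative: an unterminated string falls through to name matching, so a malformed document that mentions a blocked field is still flagged.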

Comment 2 errata-xmlrpc 2025-01-14 09:52:51 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0115 https://access.redhat.com/errata/RHSA-2025:0115

Comment 3 errata-xmlrpc 2025-01-15 00:51:16 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:0140 https://access.redhat.com/errata/RHSA-2025:0140

