CVE-2024-50312

Published: Oct 22, 2024Modified: Jan 15, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD (Secondary)

Description

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

Affected (1)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

https://access.redhat.com/errata/RHSA-2025:0115

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:0140

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-50312

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Source: secalert@redhat.com

Issue Tracking

https://github.com/openshift/console/pull/14409/files

Source: secalert@redhat.com

Patch

Timeline

No history available yet.