A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2024-50312 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2319378 | Issue Tracking |
https://github.com/openshift/console/pull/14409/files | Patch |
Configurations
History
30 Oct 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | () https://access.redhat.com/security/cve/CVE-2024-50312 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2319378 - Issue Tracking | |
References | () https://github.com/openshift/console/pull/14409/files - Patch | |
First Time |
Redhat openshift Container Platform
Redhat |
23 Oct 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-22 14:15
Updated : 2024-10-30 18:35
NVD link : CVE-2024-50312
Mitre link : CVE-2024-50312
CVE.ORG link : CVE-2024-50312
JSON object : View
Products Affected
redhat
- openshift_container_platform
CWE