CVE-2024-50312
PUBLISHED
CVSS 5.3 MEDIUM
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
EPSS 0.26% · 49.9th percentile
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.26%
49.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202501080135.p0.gedbd12e.assembly.stream.el9, v4.17.0-202501080135.p0.gedbd12e.assembly.stream.el9 |
| redhat | openshift_container_platform | 4.0, 4.0 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 4.16.0-202501080105.p0.g6fe3e8b.assembly.stream.el9, v4.16.0-202501080105.p0.g6fe3e8b.assembly.stream.el9 |
Timeline
- Oct 22, 2024 Coalition ESS Score
- Oct 22, 2024 CVE Published
- Oct 22, 2024 PoC Published
- Oct 23, 2024 EPSS Score
- Oct 23, 2024 Coalition ESS Score
- Oct 30, 2024 Coalition ESS Score
- Nov 6, 2024 Coalition ESS Score
- Nov 10, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 18, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
References
- RHSA-2025:0115 vendor-advisory
- RHSA-2025:0140 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-50312 vdb
- RHBZ#2319378 issue
- https://github.com/openshift/console/pull/14409/files url
- https://nvd.nist.gov/vuln/detail/CVE-2024-50312 advisory