CVE-2024-50312
Published: Oct 22, 2024
Modified: Nov 11, 2025
CVSS v3.1
5.3
Description
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected v4.16.0-202501080105.p0.g6fe3e8b.assembly.stream.el9 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected v4.17.0-202501080135.p0.gedbd12e.assembly.stream.el9 - < * |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now