CVE-2024-50312

MEDIUM EPSS 40.3%

Published Oct 22, 20241y ago · Modified Jun 17, 20261w ago

5.3 CVSS 3.1

Medium

Published Oct 22, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

CVSS Details

Base Score

5.3

Exploitability

3.9

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

40.3% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

Vendor	Product	Version	Range
redhat	openshift_container_platform	4.0	any

References 5

access.redhat.com https://access.redhat.com/errata/RHSA-2025:0115
access.redhat.com https://access.redhat.com/errata/RHSA-2025:0140
access.redhat.com https://access.redhat.com/security/cve/CVE-2024-50312

Vendor Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Issue Tracking
github.com https://github.com/openshift/console/pull/14409/files

Patch

Remediation

github.com https://github.com/openshift/console/pull/14409/files

Patch