CVE-2024-50312

MEDIUM

OpenShift Container Platform - Unauthenticated Exposure of Sensitive GraphQL Schema Information via Introspection Query

Title source: llm

Description

A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

References (5)

Core 5

Core References

Patch

https://github.com/openshift/console/pull/14409/files

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:0140

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-50312

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:0115

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 49.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

redhat/openshift_container_platform 4.0

Published Oct 22, 2024

Tracked Since Feb 18, 2026