Vulnerability Description
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 4.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:0115
- https://access.redhat.com/errata/RHSA-2025:0140
- https://access.redhat.com/security/cve/CVE-2024-50312Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2319378Issue Tracking
- https://github.com/openshift/console/pull/14409/filesPatch
FAQ
What is CVE-2024-50312?
CVE-2024-50312 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and m...
How severe is CVE-2024-50312?
CVE-2024-50312 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50312?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform.