3125 matches found

CVE
added 2021/06/08 7:37 p.m., 93 views

CVE-2020-26136

CVE-2020-26136 affects SilverStripe GraphQL prior to fixes in 4.6.0-rc1, where MFA is not honored when basic authentication is used. Several connected advisories corroborate an authentication bypass risk via the GraphQL module, with mitigation notes indicating that basic-auth has been removed by ...

CVSS 6.5 | AI score 6.4 | EPSS 0.01157
Exploits 1 | References 4 | Affected software 1
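The failure mode in the entry above (a password-only basic-auth path that ignores an account's MFA enrolment) as an added example; this is illustrative code written for this page, not SilverStripe's or the GraphQL module's own implementation. The user store, the salt, the PBKDF2 parameters and the session_mfa_verified flag are all constructed assumptions.

```python
import base64
import hashlib
import hmac


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-SHA256 with a fixed example salt; a real store uses a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"example-salt"

# Constructed user store (example data). mfa_enrolled marks accounts that have
# registered a second factor and must therefore not be admitted on a password alone.
USERS = {
    "alice": {"pw": _hash("correct horse", _SALT), "mfa_enrolled": True},
    "bob":   {"pw": _hash("battery staple", _SALT), "mfa_enrolled": False},
}


def _check_password(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw"], _hash(password, _SALT))


def _parse_basic(headers: dict):
    """Return (user, password) from an HTTP Basic Authorization header, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(auth[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def authenticate_vulnerable(headers: dict):
    """The reported pattern: a correct password is enough, even for MFA-enrolled accounts."""
    creds = _parse_basic(headers)
    if creds and _check_password(*creds):
        return creds[0]
    return None


def authenticate_fixed(headers: dict, session_mfa_verified: bool = False):
    """Basic auth is only the first factor. An MFA-enrolled account is refused
    unless the caller already holds a session in which the second factor was verified
    (session_mfa_verified is an assumed flag supplied by the session layer)."""
    creds = _parse_basic(headers)
    if not creds or not _check_password(*creds):
        return None
    user = creds[0]
    if USERS[user]["mfa_enrolled"] and not session_mfa_verified:
        return None  # fail closed: second factor required
    return user


def basic_header(user: str, password: str) -> dict:
    """Build the Authorization header a client would send (test helper)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

The entry's mitigation note says basic auth was removed from the GraphQL path altogether; in this model that corresponds to having the GraphQL handler never call _parse_basic at all, which is the simpler fix when no client depends on it.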
Friends Of PHP
added 2021/06/07 10:31 p.m., 20 views

CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth

More info at https://www.silverstripe.org/download/security-releases/cve-2020-26136...

CVSS 6.5 | AI score 7.2 | EPSS 0.01157
Exploits 1 | Affected software 1
Friends Of PHP
added 2021/06/07 10:31 p.m., 32 views

CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass

More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...

CVSS 4.3 | AI score 7.2 | EPSS 0.00786
Exploits 1 | Affected software 1
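The class of bug named in the CVE-2021-28661 entry above (a default permission checker that a query subclass silently fails to inherit) as an added example in Python; this is a constructed model of the pattern, not SilverStripe's code. The Member type, the VIEW permission, the ReadQuery/MembersReadQuery classes and the resolver functions are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Member:
    name: str
    permissions: set = field(default_factory=set)


def default_permission_checker(member, record) -> bool:
    """Default rule for this example: the member needs the VIEW permission."""
    return member is not None and "VIEW" in member.permissions


class ReadQuery:
    """Base query type. Declares the default checker that subclasses are meant to inherit."""
    permission_checker = default_permission_checker

    def fetch(self):
        # Constructed records (example data).
        return [{"id": 1, "title": "public roadmap"}, {"id": 2, "title": "salary table"}]


class MembersReadQuery(ReadQuery):
    """Subclass that customises fetch() and relies on the inherited checker."""

    def fetch(self):
        return [{"id": 2, "title": "salary table"}]


class NoCheckerQuery:
    """A query type that declares no checker at all (should be refused, not opened)."""

    def fetch(self):
        return [{"id": 3, "title": "audit log"}]


def resolve_vulnerable(query_cls, member):
    """The buggy pattern: the checker is read from the class's own namespace only,
    so an inherited checker is missed and 'no checker' is treated as 'no check'."""
    checker = query_cls.__dict__.get("permission_checker")
    records = query_cls().fetch()
    if checker is None:
        return records
    return [r for r in records if checker(member, r)]


def is_guarded(query_cls) -> bool:
    """True when a checker is reachable through normal (inherited) attribute lookup."""
    return callable(getattr(query_cls, "permission_checker", None))


def resolve_fixed(query_cls, member):
    """Normal attribute lookup follows the MRO, so the base default applies to
    subclasses; a type with no checker anywhere is denied rather than exposed."""
    if not is_guarded(query_cls):
        raise PermissionError(f"{query_cls.__name__} declares no permission checker")
    checker = query_cls.permission_checker
    return [r for r in query_cls().fetch() if checker(member, r)]
```

The second half of the fix matters as much as the first: resolving the checker through inheritance closes the reported gap, but treating a missing checker as a deny (rather than as an absent filter) is what keeps the next subclass from reopening it.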
OSV
added 2021/06/02 4:56 p.m., 3 views

DRUPAL-CONTRIB-2021-013

This module lets you craft and expose a GraphQL web service API. The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability. This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data...

AI score 6.5
Exploits 0 | References 1
Drupal
added 2021/06/02 12:00 a.m., 17 views

GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013

This module lets you craft and expose a GraphQL web service API. The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability. This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data...

AI score 6.3
Exploits 0 | References 6 | Affected software 1
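The information-disclosure pattern described in the two Drupal GraphQL entries above (DRUPAL-CONTRIB-2021-013 and SA-CONTRIB-2021-013: exception and error messages passed through to the client) as an added example, with the vulnerable executor beside a hardened one; this is illustrative code for this page, not the Drupal module's own. The resolvers, the PermissionDenied class and the constructed connection-string error are assumptions.

```python
import logging
import traceback
import uuid

log = logging.getLogger("graphql.errors")


class PermissionDenied(Exception):
    """An error whose message is written for the client and is safe to surface."""


def resolve_user_email(user_id: int) -> str:
    # Constructed backend failure: the message carries internal detail (host, credentials).
    raise RuntimeError(
        "could not connect to postgres://app:S3cretPass@db.internal:5432/prod (timeout)")


def resolve_secret_report() -> dict:
    raise PermissionDenied("viewing reports requires the reporter role")


def execute_vulnerable(resolver, *args) -> dict:
    """The reported pattern: whatever the resolver raised goes straight into 'errors'."""
    try:
        return {"data": resolver(*args)}
    except Exception as exc:
        return {"data": None,
                "errors": [{"message": str(exc), "trace": traceback.format_exc()}]}


def execute_fixed(resolver, *args, debug: bool = False) -> dict:
    """Only client-facing errors are surfaced verbatim. Anything else is logged
    server-side under a correlation id and replaced by a generic message, so the
    client can quote the id to support without ever seeing the original text."""
    try:
        return {"data": resolver(*args)}
    except PermissionDenied as exc:
        return {"data": None,
                "errors": [{"message": str(exc), "extensions": {"code": "FORBIDDEN"}}]}
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]
        log.exception("unhandled resolver error ref=%s", ref)
        err = {"message": "Internal server error",
               "extensions": {"code": "INTERNAL", "ref": ref}}
        if debug:  # development convenience only; must stay off in production
            err["extensions"]["exception"] = repr(exc)
        return {"data": None, "errors": [err]}
```

The allow-list approach (surface only exception types you wrote for the client) is safer than trying to scrub secrets out of arbitrary messages, because the next library upgrade will add a message you did not anticipate.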
OpenVAS
added 2021/05/27 12:00 a.m., 18 views

Fedora: Security Advisory for python-starlette (FEDORA-2021-e7fabd81fb)

The remote host is missing an update for the python-starlette package. (The rest of this snippet is the check script's header: Copyright (C) 2021 Greenbone Networks GmbH; some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders; SPDX-License-Identifier: GPL-2.0-or-later; this program is free software; you can...)

CVSS 7.5 | AI score 7.6 | EPSS 0.00967
Exploits 0 | References 2
Fedora
added 2021/05/23 1:07 a.m., 167 views

[SECURITY] Fedora 34 Update: python-starlette-0.14.2-6.fc34

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building high performance asyncio services. It is production-ready, and gives you the following: Seriously impressive performance. WebSocket support. GraphQL support. In-process background tasks. Startup and shutdown events...

CVSS 5 | AI score 0.1 | EPSS 0.00967
Exploits 0
Kitploit
added 2021/05/22 12:30 p.m., 292 views

GraphQLmap - A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes

GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes. Install: $ git clone https://github.com/swisskyrepo/GraphQLmap, then $ python graphqlmap.py (the ASCII-art banner the tool prints next is not reproduced here)...

AI score 7.1
Exploits 0 | References 1
Hacker One
added 2021/05/11 7:38 p.m., 30 views

GitLab: A deactivated user can access data through GraphQL

Summary: A deactivated user should not be able to access information through the API. This rule is not enforced when making requests through the GraphQL endpoint. When reading through the changelog for 13.11.2 I noticed that the rule for a deactivated user allows for :login as it should but it is...

AI score 6.8
Exploits 0
NVD
added 2021/05/06 2:15 p.m., 14 views

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 7.5 | EPSS 0.00934
Exploits 0 | References 2
OSV
added 2021/05/06 2:15 p.m., 15 views

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 7.5 | AI score 6.4 | EPSS 0.00934
Exploits 0 | References 2
Prion
added 2021/05/06 2:15 p.m., 17 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 5 | AI score 7.3 | EPSS 0.00934
Exploits 0 | References 2 | Affected software 1
UbuntuCve
added 2021/05/06 2:15 p.m., 20 views

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 7.5 | AI score 6.9 | EPSS 0.00934
Exploits 0 | References 3
OSV
added 2021/05/06 2:15 p.m., 1 view

UBUNTU-CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 7.5 | AI score 5.7 | EPSS 0.00934
Exploits 0 | References 4
Cvelist
added 2021/05/06 1:37 p.m., 26 views

CVE-2021-22209

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...

CVSS 7.5 | AI score 7.5 | EPSS 0.00934
Exploits 0 | References 2
CVE
added 2021/05/06 1:37 p.m., 80 views

CVE-2021-22209

GitLab CE/EE (versions 13.8 and later) contains CVE-2021-22209, where GraphQL mutations could be executed due to insufficient authorization token validation. This allowed unauthorized GraphQL mutations on affected instances. Remediation and fixes have been released in GitLab updates: 13.11.2, 13....

CVSS 7.5 | AI score 7.1 | EPSS 0.00934
Exploits 0 | References 2 | Affected software 1
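The two GitLab items above share one shape: an authorization rule that the REST layer enforces (account state in the HackerOne deactivated-user report; token validation before a mutation runs in the CVE-2021-22209 entries) is not applied on the GraphQL path. The following added example is a constructed model of applying those rules in one place before execution; it is written for this page and is not GitLab's code. The Principal type, the state names, the read_api/api scope names and the rule that a mutation needs a write scope are all assumptions for illustration; the page does not state what GitLab's token rules are.

```python
import re
import string
from dataclasses import dataclass, field


@dataclass
class Principal:
    """Authenticated caller as the API layer sees it (constructed model)."""
    name: str
    state: str = "active"                      # "active", "deactivated", "blocked", ...
    scopes: set = field(default_factory=set)   # token scopes, e.g. {"read_api"} or {"api"}


# Assumed scope model: "api" is a write scope that also implies "read_api".
REQUIRED_SCOPE = {"query": "read_api", "subscription": "read_api", "mutation": "api"}

# Blank out block strings, strings and comments in one left-to-right pass so that
# a keyword or brace inside them is never taken as structure.
_NOISE = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_NAME_START = set(string.ascii_letters + "_")


def operation_types(document):
    """Return the set of operation types ('query', 'mutation', 'subscription')
    defined at the top level of a GraphQL document. Anonymous shorthand '{ ... }'
    is a query; fragment definitions are skipped; braces inside the variable
    definitions '(...)' (input-object default values) are ignored."""
    text = _NOISE.sub(lambda m: '""' if m.group(0).startswith('"') else "", document)
    found, depth, parens, pending, i = set(), 0, 0, False, 0
    while i < len(text):
        c = text[i]
        if c == "(":
            parens += 1
        elif c == ")":
            parens -= 1
        elif c == "{" and parens == 0:
            if depth == 0 and not pending:
                found.add("query")            # anonymous shorthand
            pending, depth = False, depth + 1
        elif c == "}" and parens == 0:
            depth -= 1
        elif depth == 0 and parens == 0 and c in _NAME_START:
            word = _NAME.match(text, i).group(0)
            if word in ("query", "mutation", "subscription"):
                found.add(word)
            if word in ("query", "mutation", "subscription", "fragment"):
                pending = True                # the next top-level '{' belongs to this definition
            i += len(word)
            continue
        i += 1
    return found


def authorize_vulnerable(principal, document):
    """The pattern behind both reports, as a constructed contrast: the GraphQL
    path only asks whether the credential maps to some user at all."""
    return principal is not None


def authorize_graphql(principal, document):
    """Apply the same rules the rest of the API applies: account state first,
    then token scope against every operation type the document defines.
    Returns (allowed, reason)."""
    if principal is None:
        return False, "unauthenticated"
    if principal.state != "active":
        return False, f"account is {principal.state}"
    ops = operation_types(document)
    if not ops:
        return False, "no operation found"
    for op in sorted(ops):
        need = REQUIRED_SCOPE[op]
        has = need in principal.scopes or (need == "read_api" and "api" in principal.scopes)
        if not has:
            return False, f"{op} requires scope {need}"
    return True, "ok"
```

Checking every operation type in the document, not just the first, matters because a single request may carry several definitions and select one by operationName; refusing the whole document when any definition exceeds the token's scope is the conservative choice.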
Debian CVE
added 2021/05/06 1:37 p.m., 19 views

CVE-2021-22209

Removed by vendor...

CVSS 7.5 | AI score 7.1 | EPSS 0.00934
Exploits 0
CNVD
added 2021/05/06 12:00 a.m., 8 views

GitLab Authorization Issues Vulnerability (CNVD-2021-34554)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab CE/...

CVSS 7.5 | AI score 6.4 | EPSS 0.00934
Exploits 0 | References 1
Kitploit
added 2021/05/01 12:30 p.m., 183 views

Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already...

AI score 7
Exploits 0 | References 6
CNNVD
added 2021/04/29 12:00 a.m., 5 views

GitLab Authorization Issue Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab CE/...

CVSS 7.5 | AI score 5.8 | EPSS 0.00934
Exploits 0 | References 5