3125 matches found
CS Money: Server-side denial of service via large payload sent to wiki.cs.money/graphql
Summary: By sending a large payload to wiki.cs.money, a malicious actor can cause a partial or full denial of service to other users using the graphql part of wiki.cs.money Steps To Reproduce: - Setup burpsuite as a proxy - Go to burpsuite - Proxy - Options - Match & Replace - Click add - ITEM =...
GitLab: GraphQL Query leads to sensitive information disclosure
NOTE! Thanks for submitting a report! Please replace all the parenthesized sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary Graphql Query mentioned...
TikTok: Cross-Tenant IDOR ( graphql `AddRulesToPixelEvents` query ) allowing to add, update, and delete rules of any Pixel events on the platform
Due to an Insecure Direct Object Reference IDOR vulnerability, an attacker could have potentially added, deleted, or updated rules for other users' pixel events in the TikTok ads portal. We thank @bubbounty for reporting this to our team and confirming the resolution. This report is one of my...
CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...
Design/Logic Flaw
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...
UBUNTU-CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...
CVE-2020-13317
GitLab CVE-2020-13317 impacts GitLab versions before 13.1.10, 13.2.8, and 13.3.4 due to an insufficient check in the GraphQL API that allowed a maintainer to delete a repository. The issue is rooted in the GraphQL authorization/validation logic, enabling unintended repository deletion. Fixed vers...
CVE-2020-13317
Removed by vendor...
Shopify: Undocumented `fileCopy` GraphQL API
Impact A malicious staff account with no permissions can copy other stores' file assets to the current store, which they have no access to. Details So the story is as follows: a malicious staff member jackmccracken on storeA.myshopify.com wants to upload a file on the store but could not, due to permissions...
PT-2020-13458 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered that involves an insufficient check in the GraphQL API. This issue allows a maintainer to delete a...
HackerOne: Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation
Summary: Hacker can bypass minimum bounty amount restrictions in invitation preferences due to trusted client-side input to UpdateInvitationPreferencesMutation GraphQL operation Description: The new "Bounty Preferences" feature at https://hackerone.com/settings/preferences allows the hacker to se...
Shopify: A staff member with no permissions can edit Store Customer Email
Impact A staff member with no permissions can edit a store Customer email which they have no access to. This is the email that the store customers will see when emailing them. Details emailSenderConfigurationUpdate is an undocumented GraphQL API that allows a malicious staff member in a stor...
HackerOne: Team object in GraphQL disclosed private_comment
Summary: Hi Team, some private part of GraphQL, I think, reveals to us Steps To Reproduce Without authorization 1. https://hackerone.com/graphql POST: "query":"query nodeid: \"gid://hackerone/SurveyRatingItem/█████\" ... on...
@anacoelhovicente/primecore (=0.3.4-beta.1-webhook), @axonish/core (>=0.2.0 <=0.3.0) +29 more potentially affected by unknown CVE via type-graphql (>=0.12.3 <=0.17.5)
type-graphql NPM version =0.12.3, =0.2.0, =0.0.2, =1.0.0, =1.0.0, =0.0.5, =0.0.1, =0.0.0-4d6c2e0, =0.1.0, =0.3.0-alpha.1, =0.0.1, =5.2.0, =0.0.1, =0.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF64-2F9P-6PQQ...
Information Exposure in type-graphql
Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation Upgrade to version 0.17.6 or later...
GHSA-XF64-2F9P-6PQQ Information Exposure in type-graphql
Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation Upgrade to version 0.17.6 or later...
@atto-byte/yoga (>=0.6.0 <=0.6.6), @britishcouncil/grizzly (>=0.1.0 <=0.3.3) +22 more potentially affected by unknown CVE via graphql-shield (>=3.2.5 <=5.7.3)
graphql-shield NPM version =3.2.5, =0.6.0, =0.1.0, =1.0.2-alpha.11, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.6, =0.0.0, =0.0.1, =1.0.0, =0.0.5, =0.0.1, =0.0.2 - ustart =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HX78-272P-MQQH...