ThreatPost, added 2019/12/13 9:45 p.m.

GitLab Doles Out Half a Million Bucks to White Hats

GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...

AI score: 8.2. Exploits: 0. References: 11.
Wallarm Lab, added 2019/12/13 4:58 p.m.

GraphQL Batching Attack

There is a new attack surface when the app tech stack includes GraphQL: batched attacks on GraphQL APIs. How can these apps be protected? Read more to find out. The post GraphQL Batching Attack appeared first on Wallarm Blog...

AI score: 2.9. Exploits: 0.
Wallarm Lab, added 2019/12/03 10:49 p.m.

Why and how to disable introspection query for GraphQL APIs

Intro: In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article cannot encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step...

AI score: 2.2. Exploits: 0.
Veracode, added 2019/12/02 11:51 a.m.

Denial Of Service (DoS) Via Infinite Loop

graphql-hooks is vulnerable to denial of service (DoS) attacks. Since skipCache is set to true by default in the useQuery function during server-side rendering, an attacker can send query requests that trigger an infinite loop, which runs indefinitely without raising an error or returning a result...

AI score: 3. Exploits: 0.
OSV, added 2019/11/26 5:15 p.m.

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop...

CVSS: 7.5. AI score: 6.5. Exploits: 0. References: 2.
NVD, added 2019/11/26 5:15 p.m.

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop...

CVSS: 7.5. AI score: 7.3. EPSS: 0.01479. Exploits: 0. References: 2.
Prion, added 2019/11/26 5:15 p.m.

Code injection

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop...

CVSS: 5. AI score: 7.4. EPSS: 0.01479. Exploits: 0. References: 2. Affected software: 1.
UbuntuCve, added 2019/11/26 5:15 p.m.

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop...

CVSS: 7.5. AI score: 7.1. EPSS: 0.01479. Exploits: 0. References: 2.
Cvelist, added 2019/11/26 4:26 p.m.

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop...

AI score: 7.6. EPSS: 0.01479. Exploits: 0. References: 2.
CVE, added 2019/11/26 4:26 p.m.

CVE-2019-18455

GitLab Community and Enterprise Edition versions 11–12.4 are affected by a denial of service due to a large or infinite loop when building nested GraphQL queries. Root cause: improper handling of nested GraphQL query expansion leads to resource exhaustion. Impact: availability degradation (DoS) w...

CVSS: 7.5. AI score: 7.3. EPSS: 0.01479. Exploits: 0. References: 2. Affected software: 1.
Debian CVE, added 2019/11/26 4:26 p.m.

CVE-2019-18455

Removed by vendor...

CVSS: 7.5. AI score: 7.1. EPSS: 0.01479. Exploits: 0.
Hacker One, added 2019/11/11 12:36 p.m.

Trint Ltd: SSO bypass in zendesk using trint organization able to leak internal ticket information

Summary: Hello there. Because in app.trint.com there's no email verification, I was able to log in to your Zendesk SSO using your organization; your organization uses the domain @trint.com. Because there's no email verification, I was able to read and take over + claim this email [email protected], and I was able to...

Exploits: 0.
Wallarm Lab, added 2019/10/29 5:03 p.m.

Securing GraphQL. Part 1

GraphQL is an alternative to the REST concept that allows working with data in a more structured and object-oriented way. This technology is very well known and used by many enterprise companies such as Facebook, Walmart and Intuit, among others. Whether you know it or not, GraphQL has a significant...

AI score: 2.6. Exploits: 0.
Hacker One, added 2019/10/19 12:26 a.m.

HackerOne: Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent

An Insecure Direct Object Reference (IDOR) vulnerability allows the reporter, external users, and collaborators to mark sent swag that was awarded to the reporter as unsent. This may result in swag being sent multiple times. Proof of concept: follow the steps below to reproduce the vulnerability. sig...

AI score: 0.6. Exploits: 0.
Hacker One, added 2019/10/16 9:09 a.m.

HackerOne: Private program disclosure via `vpn_suspended` GraphQL query

Summary: vpnsuspended of the Team object got exposed. Description: An attacker can get the vpnsuspended value of any program, including an external program which also has a private program, e.g. █████, and an external program which does not have a private program. What can an attacker do with this? If an external...

AI score: 1.1. Exploits: 0.
OSV, added 2019/10/14 9:23 p.m.

GHSA-974J-WJXX-WGGJ Incorrect Access Control vulnerability in api-platform/core

API Platform versions from 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in GraphQL delete mutations that allows a user authorized to delete a resource to delete any resource. This attack appears to be exploitable provided the user is authorized. This vulnerability...

CVSS: 6.5. AI score: 6.4. EPSS: 0.01024. Exploits: 0. References: 4.
Github Security Blog, added 2019/10/14 9:23 p.m.

Incorrect Access Control vulnerability in api-platform/core

API Platform versions from 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in GraphQL delete mutations that allows a user authorized to delete a resource to delete any resource. This attack appears to be exploitable provided the user is authorized. This vulnerability...

CVSS: 6.5. AI score: 5.5. EPSS: 0.01024. Exploits: 0. References: 5. Affected software: 1.
Hacker One, added 2019/10/04 5:27 a.m.

HackerOne: Disclosure of `payment_transactions` for programs via GraphQL query

Summary: payment transactions count of programs exposed. Description: Payment transaction details can only be accessed by program team members, but there is a flaw with which an unauthorized user can get the payment transactions count of any program. I have confirmed this only with a public program. Steps T...

AI score: 1.5. Exploits: 0.
Hacker One, added 2019/10/04 3:19 a.m.

HackerOne: Team object in GraphQL disclosed of private programs via the industry

Summary: Disclosure of private programs across the industry. If the program is private, it will show industry. Steps To Reproduce: "query": "query teamhandle:\"█████████\"id,industry" "data":"team":"id":"█████████","industry":"Computer Hardware \u0026 Peripherals" "query": "query...

AI score: 1.4. Exploits: 0.
Veracode, added 2019/08/29 5:58 a.m.

Authorization Bypass

graphql-shield is vulnerable to authorization bypass. There is a flaw in rule setting for the nocache option, which uses keys generated from insecure cryptographic functions, allowing an attacker to incorrectly cache rules and access information via key collision...

AI score: 4.6. Exploits: 0.