Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

OSV
OSVadded 2023/08/15 8:4 p.m.25 views

GHSA-9CVC-V7WM-992C When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible

Summary When ui.isAccessAllowed is undefined, the adminMeta GraphQL query is publicly accessible, that is to say, no session is required for the query. This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible if a session strategy is...

5.3CVSS4.6AI score0.00342EPSS
Exploits0References6
Prion
Prionadded 2023/08/15 6:15 p.m.24 views

Default configuration

Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...

5CVSS5.2AI score0.00342EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder