260 matches found
CVE-2022-36084
Summary of CVE-2022-36084 : The vulnerability affects cruddl (GraphQL API schema generator). If a schema uses the directive @flexSearchFulltext and cruddl is used with versions before 2.7.0 or 3.0.2, an attacker with READ permission on at least one root entity type that has @flexSearchFulltext en...
CVE-2022-36084 cruddl vulnerable to AQL injection through flexSearch
cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
Design/Logic Flaw
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-1902
CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...
The vulnerability of the GraphQL API implementation of the Red Hat Advanced Cluster Security (RHACS) for Kubernetes allows a perpetrator to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the GraphQL API implementation of the Red Hat Advanced Cluster Security RHACS for Kubernetes lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to enhance their privileges and gain unauthorized access to protected...
PT-2022-3650 · Red Hat · Red Hat Advanced Cluster Security For Kubernetes
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Security for Kubernetes affected versions not specified Description: A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes, related to insufficient protection of service data in the GraphQL API. Thi...
GHSA-H4XC-577P-HGJ9 Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the...
GitLab 13.1 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39904)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting...
GitLab 13.10 < 14.4.5 / 14.5 < 14.5.3 / 14.6 < 14.6.2 (CVE-2022-0152)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLa...
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
CVE-2021-4191
Removed by vendor...
CVE-2021-4191
The CVE-2021-4191 issue in GitLab CE/EE (affected versions: 13.0–14.6.5, 14.7–14.7.4, 14.8–14.8.2) enables user enumeration via the GraphQL API for unauthenticated users on privately signed-up instances. Root cause: missing authentication checks in specific GraphQL queries, allowing an attacker t...
GitLab 13.0 < 14.6.5 / 14.7 < 14.7.4 / 14.8 < 14.8.2 (CVE-2021-4191)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user...