2 matches found
foreman: foreman: OAuth secret exposure via unauthenticated access to the GraphQL API
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...
GHSA-W42G-7VFC-XF37 Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...