CVE-2024-50312
Graphql: information disclosure via graphql introspection in openshift
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.
| CWE | CWE-200 |
| Vendor | red hat |
| Product | red hat openshift container platform 4.16 |
| Published | Oct 22, 2024 |
| Last Updated | Nov 11, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat openshift container platform 4.16
Be the first to know when new medium vulnerabilities affecting red hat red hat openshift container platform 4.16 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0115 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0140 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-50312 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2319378 github.com: https://github.com/openshift/console/pull/14409/files
Credits
Red Hat would like to thank Maksymilian Kubiak (AFINE), Paweł Zdunek (AFINE), and Sławomir Zakrzewski (AFINE) for reporting this issue.