Description

Your web application is running with GraphiQL Explorer/Playground enabled within a production environment. GraphiQL Explorer/Playground is an interactive in-browser GraphQL Integrated Development Environment (IDE) that allows developers to explore, test, and debug GraphQL queries and mutations. It provides a user-friendly interface for working with GraphQL APIs, making it easy to visualize the API schema, write queries, and see real-time results. GraphiQL is an open-source project maintained by the GraphQL Foundation.

Remediation

Disable GraphiQL Explorer/Playground: Ensure that the GraphiQL Explorer or Playground is disabled in production environments. It should only be enabled in development or staging environments with restricted access.

References

GraphiQL

Related Vulnerabilities

Jenkins open people list

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.7)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-5682)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure