CVE-2023-40027 - Unauthorized Access to Keystone CMS Admin Metadata via Public `adminMeta` GraphQL Query
Keystone is a popular open-source headless CMS for Node.js, designed to make it easy for developers to build powerful and flexible backend applications. It’
CVE-2023-38503 - Unauthorized Data Leak via GraphQL Subscriptions in Directus (Exploit & Details)
Directus is a popular, open-source headless CMS that acts as both an app dashboard and real-time API for SQL databases. In 2023, a major authorization
CVE-2023-0921 - How a Simple Oversight in GitLab’s GraphQL API Can Lead to DoS—With Code Examples and Exploit Details
CVE-2023-0921 reveals a denial-of-service (DoS) flaw in GitLab Community/Enterprise Editions. Authenticated users could abuse the GraphQL API to create Issue descriptions of massive size—
CVE-2023-2478 - How Unauthorized Users Can Attach Malicious Runners in GitLab Projects
Published: June 2024
Severity: Critical
Affected Platforms: GitLab CE/EE
Impact: Malicious code execution, supply chain compromise
CISA Alert: cisa.gov
What is CVE-2023-2478?
CVE-2023-2478
CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure
Keep in mind that setting up tasks to read config files is a best practice and not a hard requirement. It’s recommended to do