CVE-2023-38503 - Unauthorized Data Leak via GraphQL Subscriptions in Directus (Exploit & Details)
Directus is a popular, open-source headless CMS that acts as both an app dashboard and real-time API for SQL databases. In 2023, a major authorization
CVE-2023-0921 - How a Simple Oversight in GitLab’s GraphQL API Can Lead to DoS—With Code Examples and Exploit Details
CVE-2023-0921 reveals a denial-of-service (DoS) flaw in GitLab Community/Enterprise Editions. Authenticated users could abuse the GraphQL API to create Issue descriptions of massive size—
CVE-2023-2478 - How Unauthorized Users Can Attach Malicious Runners in GitLab Projects
Published: June 2024
Severity: Critical
Affected Platforms: GitLab CE/EE
Impact: Malicious code execution, supply chain compromise
CISA Alert: cisa.gov
What is CVE-2023-2478?
CVE-2023-2478
CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure
Keep in mind that setting up tasks to read config files is a best practice and not a hard requirement. It’s recommended to do
CVE-2022-41876 - How a Simple GraphQL Query Could Leak Admin Password Hashes in ezplatform-graphql
On October 26, 2022, a critical vulnerability was disclosed in the ezplatform-graphql package—a popular GraphQL server implementation for Ibexa DXP and Ibexa Open Source.