Description
Your web application is serving the GraphiQL Explorer/Playground from a production environment. GraphiQL is an interactive, in-browser GraphQL Integrated Development Environment (IDE) that lets developers explore, test, and debug GraphQL queries and mutations: it renders the API schema, offers autocompletion while writing queries, and shows results in real time. GraphiQL is an open-source project maintained by the GraphQL Foundation; GraphQL Playground is a similar third-party IDE that has since been deprecated in favour of GraphiQL. Left reachable in production, that same convenience is available to anyone who can reach the endpoint: the page confirms that a GraphQL endpoint exists at that URL, displays the schema it obtains through introspection, and lets an unauthenticated visitor compose and send arbitrary queries and mutations from the browser, which lowers the effort needed to map and probe the API.
Remediation
Disable GraphiQL Explorer/Playground: Ensure that the GraphiQL Explorer or Playground is disabled in production environments. Enable it only in development or staging, and there only behind access restrictions (authentication, an IP allow-list, or a host that is not publicly routable). Most GraphQL server libraries expose this as a single option; prefer an explicit allow-list of environments in which the IDE is on over a rule of the form "enabled unless the environment is production", because an unset or misspelled environment variable then leaves the IDE on. To verify the fix, request the GraphQL endpoint from outside with a GET and an Accept: text/html header and confirm that the response is not an HTML page containing the IDE. Note that turning off the IDE does not by itself turn off schema introspection on the endpoint; that is a separate setting and should be reviewed on its own.