Description

Your web application is running with GraphiQL Explorer/Playground enabled within a production environment. GraphiQL Explorer/Playground is an interactive in-browser GraphQL Integrated Development Environment (IDE) that allows developers to explore, test, and debug GraphQL queries and mutations. It provides a user-friendly interface for working with GraphQL APIs, making it easy to visualize the API schema, write queries, and see real-time results. GraphiQL is an open-source project maintained by the GraphQL Foundation.

Remediation

Disable GraphiQL Explorer/Playground: Ensure that the GraphiQL Explorer or Playground is disabled in production environments. It should only be enabled in development or staging environments with restricted access.
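One way to enforce this remediation in a Node.js service, shown as an added example rather than code from GraphiQL or any particular GraphQL server: a fail-closed wrapper around whatever handler renders the IDE. The names `ideAllowed`, `guardIde` and `simulate`, the environment names and the allowlist are assumptions made for illustration, and the requests are constructed samples.

```javascript
'use strict';
// Added example: fail-closed gate for a GraphQL IDE route (GraphiQL/Playground).
// ideAllowed, guardIde and simulate are hypothetical names, not a library API.

const IDE_ENVS = new Set(['development', 'staging']);

// Decide whether the IDE may be served for this environment and client address.
function ideAllowed(env, remoteAddr, allowlist) {
  // An unset or unknown environment is treated like production: IDE off.
  if (!IDE_ENVS.has(env)) return false;
  // Normalise IPv4-mapped IPv6 addresses such as ::ffff:127.0.0.1.
  const addr = String(remoteAddr || '').replace(/^::ffff:/, '');
  return allowlist.includes(addr);
}

// Wrap the handler that renders the IDE. Denied requests get a plain 404,
// so the response does not confirm that an IDE route exists.
// Typical wiring: guardIde(handler, process.env.NODE_ENV, ['127.0.0.1', '::1'])
function guardIde(ideHandler, env, allowlist) {
  return function (req, res) {
    if (ideAllowed(env, req.socket.remoteAddress, allowlist)) {
      return ideHandler(req, res);
    }
    res.statusCode = 404;
    res.end('Not Found');
  };
}

// Constructed request/response objects exercise the guard without a network.
function simulate(env, remoteAddress) {
  const res = { statusCode: 200, body: '', end(b) { this.body = b; } };
  const ide = (_req, r) => r.end('<div id="graphiql"></div>');
  guardIde(ide, env, ['127.0.0.1'])({ socket: { remoteAddress } }, res);
  return res.statusCode;
}

console.log('production, localhost ->', simulate('production', '127.0.0.1'));
console.log('unset env, localhost  ->', simulate('', '127.0.0.1'));
console.log('staging, allowlisted  ->', simulate('staging', '::ffff:127.0.0.1'));
console.log('staging, other client ->', simulate('staging', '203.0.113.9'));
```

Behind a reverse proxy, `req.socket.remoteAddress` is the proxy's address, so the allowlist check has to use the client address supplied by a proxy you trust.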
