Description

Your web application is running with GraphiQL Explorer/Playground enabled within a production environment. GraphiQL Explorer/Playground is an interactive in-browser GraphQL Integrated Development Environment (IDE) that allows developers to explore, test, and debug GraphQL queries and mutations. It provides a user-friendly interface for working with GraphQL APIs, making it easy to visualize the API schema, write queries, and see real-time results. GraphiQL is an open-source project maintained by the GraphQL Foundation.

Remediation

Disable GraphiQL Explorer/Playground: Ensure that the GraphiQL Explorer or Playground is disabled in production environments. It should only be enabled in development or staging environments with restricted access.

References

GraphiQL

Related Vulnerabilities

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

Delve Debugger Unauthorized Access Vulnerability

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure