Description
Acunetix determined that it was possible to access the Hasura GraphQL API without authentication. An unauthentication attacker may use this API to perform SSRF (Server-side request forgery) attacks.
Remediation
Restrict access to the Hasura GraphQL API by setting admin secret.
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.10)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.26)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)