Mirumee · Saleor · CVE-2019-1010304
Name of the Vulnerable Software and Affected Versions:
Saleor versions 2.0.0 through 2.3.0
Description:
The issue is an Incorrect Access Control weakness: an unauthenticated user can query the GraphQL API, which is publicly exposed at the `/graphql/` URL, and fetch product data, potentially including revenue data that should be restricted to shop administrators. The impact of this issue is considered Important.
Recommendations:
For Saleor versions 2.0.0 through 2.3.0, update to version 2.3.1, which resolves the issue. As a temporary workaround, restrict access to the `/graphql/` URL (for example, to authenticated users or trusted networks) to reduce the window for exploitation.
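The underlying defect is authorization applied at the wrong layer: a publicly reachable GraphQL endpoint exposing fields that only staff should read. The usual fix is to enforce permissions inside the resolver for each restricted field, so an anonymous request still receives the public catalogue fields but gets `null` plus an error entry for anything it is not entitled to. The following Python snippet is an added illustration of that pattern; it is not Saleor's code, and the `Product` type, the `manage_products` permission name, the `execute_products_query` helper and the sample catalogue are all constructed for this example.

```python
from dataclasses import dataclass
from functools import wraps


class PermissionDenied(Exception):
    """Raised by a resolver when the requesting user lacks the required permission."""


@dataclass(frozen=True)
class User:
    name: str
    is_authenticated: bool = False
    permissions: frozenset = frozenset()


# Requests that carry no valid session or token resolve to this principal.
ANONYMOUS = User(name="anonymous")


def require_permission(permission):
    """Decorator: the wrapped resolver runs only for authenticated users holding `permission`."""
    def decorator(resolver):
        @wraps(resolver)
        def wrapper(obj, context, *args, **kwargs):
            user = context.get("user", ANONYMOUS)
            if not user.is_authenticated or permission not in user.permissions:
                field_name = resolver.__name__[len("resolve_"):]
                raise PermissionDenied(f"'{field_name}' requires {permission}")
            return resolver(obj, context, *args, **kwargs)
        return wrapper
    return decorator


@dataclass
class Product:
    name: str
    price: float
    units_sold: int

    # Public catalogue fields: anyone may read them.
    def resolve_name(self, context):
        return self.name

    def resolve_price(self, context):
        return self.price

    # Revenue is staff-only data, so the resolver itself enforces the check.
    # "manage_products" is a constructed permission name for this example.
    @require_permission("manage_products")
    def resolve_revenue(self, context):
        return round(self.price * self.units_sold, 2)


def execute_products_query(products, fields, context):
    """Resolve `fields` for every product. A denied or unknown field becomes null and
    adds an error entry, mirroring how GraphQL servers report per-field failures."""
    data, errors = [], []
    for index, product in enumerate(products):
        row = {}
        for name in fields:
            resolver = getattr(product, f"resolve_{name}", None)
            if resolver is None:
                row[name] = None
                errors.append({"message": f"unknown field '{name}'",
                               "path": ["products", index, name]})
                continue
            try:
                row[name] = resolver(context)
            except PermissionDenied as exc:
                row[name] = None
                errors.append({"message": str(exc), "path": ["products", index, name]})
        data.append(row)
    return {"data": {"products": data}, "errors": errors}


# Constructed sample catalogue.
CATALOGUE = [
    Product("Juice", 3.5, 200),
    Product("Bread", 2.0, 50),
]


if __name__ == "__main__":
    staff = User("alice", is_authenticated=True, permissions=frozenset({"manage_products"}))
    # Anonymous caller: names resolve, revenue is null with an error per product.
    print(execute_products_query(CATALOGUE, ["name", "revenue"], {"user": ANONYMOUS}))
    # Staff caller with the permission: revenue resolves, no errors.
    print(execute_products_query(CATALOGUE, ["name", "revenue"], {"user": staff}))
```

The check lives on the field rather than on the URL, so it holds regardless of which query, alias or nested selection reaches the resolver; a URL-level restriction on `/graphql/`, as in the workaround above, is coarser but useful until the patched version is deployed. Note that an authenticated user without the permission is refused exactly like an anonymous one.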