PT-2023-22027 · Vtex · Vtex Apps-Graphql
Published: 2023-03-31 · Updated: 2023-04-08 · CVE-2023-28877
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
VTEX apps-graphql versions 2.x
Description
The VTEX apps-graphql GraphQL API module does not properly restrict unauthorized access to private configuration data.
Recommendations
For VTEX apps-graphql versions 2.x, consider upgrading to version 3.x to resolve the issue, as version 3.x is unaffected by this problem.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Vtex Apps-Graphql