CVE-2019-1010304

Name of the Vulnerable Software and Affected Versions: Saleor versions 2.0.0 through 2.3.0

Description: The issue is related to Incorrect Access Control, allowing an unauthenticated user to access the GraphQL API, which is publicly exposed under the /graphql/ URL. This enables the user to fetch products data, potentially including admin-restricted shop's revenue data. The impact of this issue is considered Important.

Recommendations: For Saleor versions 2.0.0 through 2.3.0, update to version 2.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the /graphql/ URL to minimize the risk of exploitation.