PT-2023-22027 · Vtex · Vtex Apps-Graphql

Published: 2023-03-31 · Updated: 2023-04-08 · CVE-2023-28877

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VTEX apps-graphql versions 2.x

Description

The VTEX apps-graphql GraphQL API module does not properly restrict unauthorized access to private configuration data.

Recommendations

For VTEX apps-graphql versions 2.x, consider upgrading to version 3.x to resolve the issue, as version 3.x is unaffected by this problem.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2023-28877

Affected Products

Vtex Apps-Graphql