CVE-2023-47643

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 8.4.2

Description The issue affects SuiteCRM, a Customer Relationship Management (CRM) software application, where Graphql Introspection is enabled without authentication. This exposes the scheme defining all object types, arguments, and functions, allowing an attacker to obtain the GraphQL schema and understand the entire attack surface of the API. Sensitive fields, such as UserHash, are included in this exposure.

Recommendations For versions prior to 8.4.2, update to version 8.4.2 to resolve the issue. As a temporary workaround, consider disabling Graphql Introspection until the update can be applied.