PT-2024-36071 · Altair · Altair Graphql Client

Garbomuffin

·

Published

2024-12-09

·

Updated

2024-12-09

·

CVE-2024-54147

CVSS v3.1

6.8

Medium

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5
Description: The Altair GraphQL Client desktop app did not validate HTTPS certificates, so an attacker positioned as a man-in-the-middle (for example on an untrusted network) could intercept every request the app made. This exposes GraphQL request and response headers and bodies, including authorization tokens. The same interception grants full access to signed-in Altair GraphQL Cloud accounts and allows payment checkout pages to be replaced with malicious websites.
Recommendations: Update to version 8.0.5 or later, which restores certificate validation. Until the update is applied, do not use the desktop app on untrusted networks, avoid using it for anything that requires confidentiality or integrity (including Altair GraphQL Cloud sign-in and payments), and treat any authorization tokens already sent from such networks as potentially exposed.

Weakness Enumeration

Improper Certificate Validation (CWE-295)
Related Identifiers

CVE-2024-54147
GHSA-8V9H-HXP5-9JCX

Affected Products

Altair Graphql Client