x/vulndb: potential Go vuln in github.com/openshift/console: CVE-2024-50312

[GoVulnBot]

Advisory CVE-2024-50312 references a vulnerability in the following Go modules:

Module
github.com/openshift/console

Description:
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-50312
• FIX: https://github.com/openshift/console/pull/14409/files
• WEB: https://access.redhat.com/security/cve/CVE-2024-50312
• WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2319378

Cross references:

• github.com/openshift/console appears in 2 other report(s):
  • data/excluded/GO-2023-2208.yaml (x/vulndb: potential Go vuln in github.com/openshift/console: CVE-2018-10937 #2208) LEGACY_FALSE_POSITIVE
  • data/reports/GO-2024-3083.yaml (x/vulndb: potential Go vuln in github.com/openshift/console: GHSA-4crf-28c7-v4gr #3083)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/openshift/console
      vulnerable_at: 6.0.6+incompatible
summary: CVE-2024-50312 in github.com/openshift/console
cves:
    - CVE-2024-50312
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-50312
    - fix: https://github.com/openshift/console/pull/14409/files
    - web: https://access.redhat.com/security/cve/CVE-2024-50312
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2319378
source:
    id: CVE-2024-50312
    created: 2024-10-22T15:01:20.331742252Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/622835 mentions this issue: data/reports: add 16 unreviewed reports