GMS-2022-6767: GraphQL queries can expose password hashes
(updated )
Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.
References
- developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
- github.com/advisories/GHSA-3p7g-wrgg-wq45
- github.com/ibexa/graphql/commit/5ae5fb4d1d292ddde8528e040ef8a7c8dd7f9c6d
- github.com/ibexa/graphql/security/advisories/GHSA-3p7g-wrgg-wq45
Code Behaviors & Features
Detect and mitigate GMS-2022-6767 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →