GraphQL Introspection Enabled - P5

TimmyBugcrowd · TimmyBugcrowd · commit a1cf9a020a93 · 2025-04-20T11:10:16.000+02:00
#450
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -921,6 +921,10 @@
     {
       "id": "sensitive_data_exposure",
       "children": [
+        {
+          "id": "graphql_introspection_enabled",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+        },
         {
           "id": "disclosure_of_known_public_information",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
@@ -774,6 +774,12 @@
         "CWE-934"
       ],
       "children": [
+        {
+          "id": "graphql_introspection_enabled",
+          "cwe": [
+            "CWE-200"
+          ]
+        },
         {
           "id": "disclosure_of_known_public_information",
           "cwe": [
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -1233,10 +1233,14 @@
         "https://www.cvedetails.com/vulnerability-list/opginf-1/gain-information.html"
       ],
       "children": [
+        {
+          "id": "graphql_introspection_enabled",
+          "remediation_advice": "Disable GraphQL introspection in production environments to prevent attackers from enumerating the API schema."
+        }, 
         {
           "id": "disclosure_of_known_public_information",
           "remediation_advice": "As a best practice, avoid disclosing known public information unnecessarily."
-        },
+        },       
         {
           "id": "disclosure_of_secrets",
           "remediation_advice": "1. Do not store secrets in source code that is publicly accessible such as in a public GitHub repository.\n2. Critically sensitive data should not be transmitted in cleartext. Make sure to only use `HTTPS` whenever transmitting passwords and private API keys.\n3. Set appropriate headers to prevent caching of sensitive data when served to end-user."
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
@@ -1836,6 +1836,12 @@
       "name": "Sensitive Data Exposure",
       "type": "category",
       "children": [
+        {
+          "id": "graphql_introspection_enabled",
+          "name": "GraphQL Introspection Enabled",
+          "type": "subcategory",
+          "priority": 5
+        },
         {
           "id": "disclosure_of_known_public_information",
           "name": "Disclosure of Known Public Information",

Original file line number	Diff line number	Diff line change
`@@ -921,6 +921,10 @@`
`921`	`921`	`{`
`922`	`922`	`"id": "sensitive_data_exposure",`
`923`	`923`	`"children": [`
	`924`	`+ {`
	`925`	`+ "id": "graphql_introspection_enabled",`
	`926`	`+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"`
	`927`	`+ },`
`924`	`928`	`{`
`925`	`929`	`"id": "disclosure_of_known_public_information",`
`926`	`930`	`"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"`