GraphQL Unhandled Error Leakage

Severity:

Medium

Summary

We identified a potential security vulnerability within your web application that utilizes GraphQL. The application is inadvertently disclosing sensitive exception details, such as error messages and stack traces, through the errors.message.extensions.exception.stack response properties. This information leakage poses a risk to the application's security posture, as attackers could exploit the exposed details to gain further insight into the system's architecture and potentially launch more targeted attacks.

Impact

The primary impact of this vulnerability is the potential disclosure of sensitive information. When exception errors are not properly handled, error messages may inadvertently reveal details about the application's inner workings, such as file paths, database schema, or even credentials. Attackers can leverage this information to plan and execute further attacks on the system.

Remediation

Implement proper error handling mechanisms in the GraphQL server to catch and manage exception errors. Ensure that exceptions are caught and handled at the appropriate level within the application. Utilize try-catch blocks to manage exceptions and avoid unhandled errors.
Replace detailed error messages with generic ones that do not disclose sensitive information. Error messages should be informative enough for users to understand the issue but not specific enough to reveal underlying system details that may be exploited by attackers.

Required Skills for Successful Exploitation

Actions To Take

Classifications

CWE-CWE-209

AV:N/AC:L/Au:N/C:P/I:N/A:N