Description
Acunetix determined that it was possible to access the Hasura GraphQL API without authentication. An unauthenticated attacker may use this API to perform server-side request forgery (SSRF) attacks.
Remediation
Restrict access to the Hasura GraphQL API by setting an admin secret.
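To confirm the remediation across a Docker host, the following added example (not Acunetix or Hasura code) reads `docker inspect` JSON and lists Hasura containers whose `HASURA_GRAPHQL_ADMIN_SECRET` environment variable is unset or empty. It assumes the secret is supplied through the environment rather than the `--admin-secret` command-line flag; the container names, image tags and values in the sample are constructed.

```python
import json

# Constructed sample in the shape of `docker inspect <container> ...` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/hasura-open",
     "Config": {"Image": "hasura/graphql-engine:example",
                "Env": ["HASURA_GRAPHQL_DATABASE_URL=postgres://db/app",
                        "HASURA_GRAPHQL_ENABLE_CONSOLE=true"]}},
    {"Name": "/hasura-empty",
     "Config": {"Image": "hasura/graphql-engine:example",
                "Env": ["HASURA_GRAPHQL_ADMIN_SECRET="]}},
    {"Name": "/hasura-locked",
     "Config": {"Image": "hasura/graphql-engine:example",
                "Env": ["HASURA_GRAPHQL_ADMIN_SECRET=constructed-placeholder-value"]}},
    {"Name": "/postgres",
     "Config": {"Image": "postgres:example", "Env": ["POSTGRES_DB=app"]}},
])


def hasura_without_admin_secret(inspect_json: str) -> list[str]:
    """Return names of Hasura containers whose admin secret is unset or empty."""
    flagged = []
    for container in json.loads(inspect_json):
        config = container.get("Config") or {}
        # Only Hasura GraphQL Engine containers are in scope for this check.
        if "hasura/graphql-engine" not in config.get("Image", ""):
            continue
        # Config.Env is a list of "KEY=VALUE" strings; split on the first "=".
        env = dict(item.split("=", 1)
                   for item in (config.get("Env") or []) if "=" in item)
        if not env.get("HASURA_GRAPHQL_ADMIN_SECRET", "").strip():
            flagged.append(container.get("Name", "?").lstrip("/"))
    return flagged


if __name__ == "__main__":
    for name in hasura_without_admin_secret(SAMPLE_INSPECT):
        print(f"{name}: HASURA_GRAPHQL_ADMIN_SECRET is not set")
```

On a real host, replace the sample with the output of `docker inspect $(docker ps -q)`.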