Technical information leak - API
Description
An attacker is able to gather the entire GraphQL API Schema Structure (both queries and mutations).
Impact
Get the knowledge of the Schema Structure to open a door for more dangerous attacks.
Recommendation
Disable introspection queries.
Threat
An anonymous attacker from the Internet network crafts an introspection query.
Expected Remediation Time
⏱️ 30 minutes.