API Security Blog

Improper Access Control

@keystone-6/core is vulnerable to Improper Access Control. The vulnerability exists when the `ui.isAccessAllowed` parameter in the `KeystoneMeta` function of `adminMetaSchema.ts` is `undefined`: if the `session` strategy is also not defined, an attacker can access the admin meta GraphQL query.
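A configuration check for the condition described above, as an added example that is not code from Keystone or from this advisory. It works on a simplified model of the config that keeps only the `session` and `ui.isAccessAllowed` keys and treats the check as synchronous; the type names, function name and sample configs are hypothetical and constructed for illustration.

```typescript
// Simplified model of a Keystone config (assumption: only the two keys the
// advisory names are modelled, and the access check is synchronous).
type Context = { session?: unknown };
type ConfigModel = {
  session?: object; // a session strategy, if one is configured
  ui?: { isAccessAllowed?: (context: Context) => boolean };
};

type Verdict = "exposed" | "implicit-default" | "explicit-open" | "explicit-guarded";

// Classify a config against the condition in the advisory.
function auditAdminMetaAccess(config: ConfigModel): Verdict {
  const check = config.ui?.isAccessAllowed;
  if (check === undefined) {
    // No explicit check: the advisory's condition applies when there is
    // also no session strategy. With one, access depends on the framework default.
    return config.session === undefined ? "exposed" : "implicit-default";
  }
  // An explicit check that admits a context without a session protects nothing.
  return check({}) ? "explicit-open" : "explicit-guarded";
}

// Constructed sample configs.
const strategy = { name: "constructed-session-strategy" };
const weak: ConfigModel = { ui: {} };
const sessionOnly: ConfigModel = { session: strategy };
const openCheck: ConfigModel = { session: strategy, ui: { isAccessAllowed: () => true } };
const hardened: ConfigModel = {
  session: strategy,
  // Explicit rule: only contexts that carry a session may use the admin UI queries.
  ui: { isAccessAllowed: (context) => context.session !== undefined },
};

for (const [name, cfg] of Object.entries({ weak, sessionOnly, openCheck, hardened })) {
  console.log(`${name}: ${auditAdminMetaAccess(cfg)}`);
}
```

Only `explicit-guarded` states the access rule in the config itself; the other three verdicts are worth a review finding.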
