Horizon Alert
Summary of the vulnerability and why it matters
This issue in Dgraph allows an unauthenticated attacker to read all data held in the database. It is critical to address because it affects the default configuration, in which ACLs are not enabled, so any deployment that has not turned ACLs on exposes its data.
- Gives attackers full data access.
- Affects Dgraph's default configuration.
- Requires only a single HTTP request.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker exploits the flaw by sending a crafted HTTP POST request to the `/mutate` endpoint. The request bypasses authorization checks, so the attacker can execute arbitrary DQL queries against the database: a malicious query block is injected into the `cond` field of an upsert mutation, the field that is meant to carry only the `@if(...)` condition, and the attacker exfiltrates sensitive data through that injected query.
- No authentication required.
- Target: Dgraph's `/mutate` endpoint.
- Precondition: ACLs not enabled (Dgraph's default).
Live Threat
Current exploitation, exposure, and threat context
This critical vulnerability lets unauthenticated attackers read all data from a Dgraph database when ACLs are not enabled. The attack is straightforward: one crafted HTTP POST request exploits insecure handling of user-supplied input in DQL upsert queries. Attackers are likely to target it because of the direct data exfiltration it allows and the low effort involved.
- Unauthenticated data access
- Simple HTTP POST exploit
- Affects default configuration
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize updating Dgraph to version 25.3.3 or later, which addresses a critical vulnerability that gives unauthenticated attackers full read access to data. If immediate patching is not feasible, confirm whether ACLs are enabled on every Alpha (they are off by default) and enable them where possible, and use network segmentation or firewall rules so that the Alpha HTTP endpoint, `/mutate` included, is not reachable from the internet or from untrusted networks.
- Update Dgraph to 25.3.3 or later.
- Isolate services if patching is delayed.
- Monitor for suspicious query patterns, in particular upsert requests whose `cond` field carries more than a single `@if(...)` condition.
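As an added example covering both the attack path above and the monitoring item in the Operational Fix, the check below inspects requests to a Dgraph Alpha as a reverse proxy or WAF would see them and flags upsert mutations whose `cond` field looks like a query block rather than a bare condition. It is not code from the advisory or from the Dgraph project. It assumes the JSON mutation format of the HTTP `/mutate` endpoint, where the upsert condition travels in a `cond` field of the form `@if(...)`, and it uses the `X-Dgraph-AccessToken` header as the sign that a request carried an ACL token. The request records are constructed for illustration; the second one only shows the shape the advisory describes (a brace-delimited block where a condition belongs) and is not a verified exploit payload. RDF-format bodies, which carry the condition inline, are out of scope for this check.

```python
import json
import re

# Constructed sample requests (not real captures). Each is the request as a proxy
# in front of Dgraph Alpha would record it.
SAMPLE_REQUESTS = [
    {   # ordinary JSON upsert: cond is a single @if(...) directive
        "path": "/mutate?commitNow=true",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({
            "query": "{ u as var(func: eq(email, \"a@example.com\")) }",
            "cond": "@if(eq(len(u), 1))",
            "set": [{"uid": "uid(u)", "lastSeen": "2025-01-01"}],
        }),
    },
    {   # suspicious: cond carries a brace-delimited block, not a bare condition
        # (illustrative shape only, not a verified exploit payload)
        "path": "/mutate?commitNow=true",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({
            "query": "{ u as var(func: has(email)) }",
            "cond": "@if(eq(len(u), 1)) { q(func: has(email)) { email } }",
            "set": [{"uid": "uid(u)", "touched": "true"}],
        }),
    },
    {   # plain set mutation with no upsert condition: nothing to flag
        "path": "/mutate?commitNow=true",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"set": [{"name": "Alice"}]}),
    },
]

# A benign cond in the JSON mutation format is exactly one @if(...) directive whose
# argument contains no braces. Braces, a "func:" query root, or any text outside the
# @if(...) mean something other than a condition was placed in the field.
_BENIGN_COND = re.compile(r"^\s*@if\s*\([^{}]*\)\s*$", re.S)


def cond_is_suspicious(cond):
    """True if the cond field looks like more than a single @if(...) condition."""
    if cond is None:
        return False          # not an upsert, or no condition: nothing to judge
    if not isinstance(cond, str):
        return True           # cond must be a string; anything else is malformed
    if "{" in cond or "}" in cond or "func:" in cond:
        return True
    return _BENIGN_COND.match(cond) is None


def inspect_request(req):
    """Return a finding dict for a /mutate request, or None if nothing stands out."""
    if not req["path"].split("?", 1)[0].endswith("/mutate"):
        return None
    if "json" not in req["headers"].get("Content-Type", ""):
        return None           # RDF bodies carry the condition inline; not covered here
    try:
        body = json.loads(req["body"])
    except ValueError:
        return {"reason": "unparseable JSON body", "severity": "medium"}
    if not isinstance(body, dict):
        return None
    cond = body.get("cond")
    if not cond_is_suspicious(cond):
        return None
    # No ACL token on the request matches the unauthenticated path the advisory
    # describes, so rate it higher than the same body sent with a token.
    unauthenticated = "X-Dgraph-AccessToken" not in req["headers"]
    return {
        "reason": "query block in upsert cond field",
        "cond": cond,
        "severity": "high" if unauthenticated else "medium",
    }


def scan(requests):
    """Run inspect_request over a batch and keep only the findings."""
    return [f for f in (inspect_request(r) for r in requests) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The heuristic is deliberately narrow: it only asks whether the `cond` field holds a single `@if(...)` directive, which is the only thing that belongs there, so it produces no noise on ordinary upserts while still catching the pattern the advisory describes. It is a detection aid for the window before the upgrade to 25.3.3, not a substitute for it.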