CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key.
References
Link Resource
https://neo4j.com/security/cve-2023-28481/ Exploit Third Party Advisory
https://neo4j.com/security/cve-2023-28481/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 07:55

Type Values Removed Values Added
References () https://neo4j.com/security/cve-2023-28481/ - Exploit, Third Party Advisory () https://neo4j.com/security/cve-2023-28481/ - Exploit, Third Party Advisory

21 Aug 2023, 17:18

Type Values Removed Values Added
CWE CWE-639
CPE cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*
References (MISC) https://neo4j.com/security/cve-2023-28481/ - (MISC) https://neo4j.com/security/cve-2023-28481/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Tigergraph
Tigergraph tigergraph

14 Aug 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-14 19:15

Updated : 2024-11-21 07:55


NVD link : CVE-2023-28481

Mitre link : CVE-2023-28481

CVE.ORG link : CVE-2023-28481


JSON object : View

Products Affected

tigergraph

  • tigergraph
CWE
CWE-639

Authorization Bypass Through User-Controlled Key