An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key.
References
Link | Resource |
---|---|
https://neo4j.com/security/cve-2023-28481/ | Exploit Third Party Advisory |
Configurations
History
21 Aug 2023, 17:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://neo4j.com/security/cve-2023-28481/ - Exploit, Third Party Advisory | |
CWE | CWE-639 | |
CPE | cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Tigergraph
Tigergraph tigergraph |
14 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-28481
Mitre link : CVE-2023-28481
CVE.ORG link : CVE-2023-28481
JSON object : View
Products Affected
tigergraph
- tigergraph
CWE
CWE-639
Authorization Bypass Through User-Controlled Key