An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions).
References
Link | Resource |
---|---|
https://neo4j.com/security/cve-2023-28482/ | Exploit Third Party Advisory |
Configurations
History
21 Aug 2023, 17:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-434 | |
References | (MISC) https://neo4j.com/security/cve-2023-28482/ - Exploit, Third Party Advisory | |
First Time |
Tigergraph
Tigergraph tigergraph |
14 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-28482
Mitre link : CVE-2023-28482
CVE.ORG link : CVE-2023-28482
JSON object : View
Products Affected
tigergraph
- tigergraph
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type