CVE-2023-28482

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions).
References
Link Resource
https://neo4j.com/security/cve-2023-28482/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*

History

21 Aug 2023, 17:21

Type Values Removed Values Added
CPE cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-434
References (MISC) https://neo4j.com/security/cve-2023-28482/ - (MISC) https://neo4j.com/security/cve-2023-28482/ - Exploit, Third Party Advisory
First Time Tigergraph
Tigergraph tigergraph

14 Aug 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-14 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-28482

Mitre link : CVE-2023-28482

CVE.ORG link : CVE-2023-28482


JSON object : View

Products Affected

tigergraph

  • tigergraph
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type