CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access.
References
Link Resource
https://neo4j.com/security/cve-2023-28483/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*

History

21 Aug 2023, 17:04

Type Values Removed Values Added
CPE cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Tigergraph
Tigergraph tigergraph
CWE NVD-CWE-noinfo
References (MISC) https://neo4j.com/security/cve-2023-28483/ - (MISC) https://neo4j.com/security/cve-2023-28483/ - Exploit, Third Party Advisory

14 Aug 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-14 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-28483

Mitre link : CVE-2023-28483

CVE.ORG link : CVE-2023-28483


JSON object : View

Products Affected

tigergraph

  • tigergraph