An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.
References
| Link | Resource |
|---|---|
| https://dev.tigergraph.com/forum/c/tg-community/announcements/35 | Vendor Advisory |
| https://neo4j.com/security/cve-2023-22948/ | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-13T00:00:00
Updated: 2023-04-13T00:00:00
Reserved: 2023-01-11T00:00:00
Link: CVE-2023-22948
NVD Information
Status: Analyzed
Published: 2023-04-13T19:15:08.120
Modified: 2023-05-04T13:32:19.617
Link: CVE-2023-22948
Redhat Information
No data.
CWE