An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The product creates an authentication token for internal system use. This token can be read from the configuration file. Using this token on the REST API gives an attacker anonymous admin-level privileges on all REST API endpoints.
References
| Link | Resource |
|---|---|
| https://dev.tigergraph.com/forum/c/tg-community/announcements/35 | Product |
| https://neo4j.com/security/cve-2023-22951/ | Exploit, Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-13T00:00:00
Updated: 2023-04-13T00:00:00
Reserved: 2023-01-11T00:00:00
Link: CVE-2023-22951
NVD Information
Status: Analyzed
Published: 2023-04-13T20:15:08.570
Modified: 2023-04-24T14:43:57.963
Link: CVE-2023-22951
CWE