101 matches found
Design/Logic Flaw
An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...
Design/Logic Flaw
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-28481
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...
CVE-2023-28483
TigerGraph Enterprise 3.7.0 contains a local file-write control bypass in GSQL: queries using UDFs can bypass GSQL.FileOutputPolicy and write to any file location accessible to the admin. This is triggered when GSQL queries include UDFs, allowing writes outside configured policy. Impact is descri...
CVE-2023-28482
An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...
CVE-2023-28480
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An...
Tigergraph Code Issues Vulnerabilities
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability could change the...
Tigergraph Security Breach
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability could use their own...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability could write to any...
PT-2023-21751 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0
Description: An issue was discovered in Tigergraph Enterprise where there is unsecured write access to the SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public k...
PT-2023-21750 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0
Description: An issue was discovered in the TigerGraph platform, which allows users to define new User Defined Functions (UDFs) from C/C++ code. This functionality enables users to upload custom C/C++ code,...
CVE-2023-28480
TigerGraph Enterprise 3.7.0 allows users to upload and compile custom C/C++ UDF code, enabling attackers with filesystem access on a remote system to alter database behavior and bypass built-in RBAC controls. The issue affects the UDF upload/installation pathway and arises from how uploaded code ...
CVE-2023-28482
CVE-2023-28482 affects TigerGraph Enterprise 3.7.0. A single TigerGraph instance hosting multiple graphs can be accessed by multiple users, and the platform reportedly does not protect the confidentiality of uploaded data, allowing any user with upload permissions to browse data uploaded by other...
CVE-2023-28481
CVE-2023-28481 affects Tigergraph Enterprise 3.7.0. The issue allows unsecured write access to the SSH authorized_keys file, enabling any code running as the tigergraph user to append their SSH public key. This can lead to password‑less SSH access using the attacker’s key. Publicly cited sources ...
PT-2023-21752 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0
Description: An issue was discovered in Tigergraph Enterprise where a single instance can host multiple graphs accessed by multiple users. The platform does not protect the confidentiality of uploaded data,...
TigerGraph Code Issue Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability can browse any data...