101 matches found
CVE-2023-22948
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition version 3.x. The vulnerability stems from the presence of...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
CVE-2023-22948
CVE-2023-22948 affects TigerGraph Enterprise Free Edition 3.x, where an SSH private key is read-accessible by any code running as the tigergraph user. This leads to passwordless SSH access to all machines in the TigerGraph cluster, as described in multiple sources. The root cause is unsecured rea...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition version 3.x. The vulnerability stems from the presence of...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition version 3.x that stems from the ability to read authentication...
CVE-2023-22951
TigerGraph Enterprise Free Edition 3.x stores an internal authentication token in the configuration file. An attacker who can read the config file can use that token on the REST API to obtain anonymous admin-level privileges on all REST API endpoints. The issue is documented across multiple feeds...
CVE-2023-22950
TigerGraph CVE-2023-22950 affects TigerGraph Enterprise Free Edition 3.x. The issue enables data loading jobs in gsql_server, created by any user with designer permissions, to read sensitive data from arbitrary locations. The core impact is sensitive data exposure (confidentiality impact H) with ...
PT-2023-18794 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x
Description: An issue was discovered where an authentication token for internal system use is created and can be read from the configuration file. Using this token on the REST API provides an...
PT-2023-18793 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x
Description: An issue allows data loading jobs in gsql server to read sensitive data from arbitrary locations. This issue affects jobs created by any user with designer permissions...
PT-2023-18790 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x
Description: The issue allows for unsecured read access to an SSH private key. Any code running as the tigergraph user can read the SSH private key, granting an attacker password-less SSH access...
CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
PYSEC-2022-43064
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
Code injection
DISPUTED: The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
PYSEC-2022-43064
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
CVE-2022-30331
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
TigerGraph Input Validation Error Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. TigerGraph version 3.6.0 suffers from an input validation error vulnerability that stems from a User-Defined Function (UDF) feature tha...
PT-2022-20067 · Tigergraph · Tigergraph
Name of the Vulnerable Software and Affected Versions: TigerGraph version 3.6.0
Description: The User-Defined Functions (UDF) feature in TigerGraph allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. The...