CVE-2023-22949

Name of the Vulnerable Software and Affected Versions TigerGraph Enterprise Free Edition versions 3.x

Description An issue was discovered where user credentials are logged. All authenticated GSQL access requests are logged by TigerGraph in multiple places, including both the username and password of the user in an easily decodable base64 form. This could allow a TigerGraph administrator to harvest usernames and passwords.

Recommendations For TigerGraph Enterprise Free Edition version 3.x, consider disabling the logging of GSQL access requests as a temporary workaround until a patch is available. Restrict access to the logged data to minimize the risk of exploitation. Avoid using the username and password in the affected logging mechanism until the issue is resolved.