CVE-2023-28482

Name of the Vulnerable Software and Affected Versions Tigergraph Enterprise version 3.7.0

Description An issue was discovered in Tigergraph Enterprise where a single instance can host multiple graphs accessed by multiple users. The platform does not protect the confidentiality of uploaded data, allowing any user with upload permissions to browse data uploaded by other users, regardless of their permissions.

Recommendations For Tigergraph Enterprise version 3.7.0, consider restricting access to sensitive data and implementing additional access controls to minimize the risk of unauthorized data browsing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.