PT-2023-18790 · Tigergraph · Tigergraph Enterprise Free Edition
Published
2023-04-13
·
Updated
2023-05-04
·
CVE-2023-22948
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TigerGraph Enterprise Free Edition versions 3.x
Description
The issue allows unsecured read access to the SSH private key that grants password-less SSH access between the machines of a TigerGraph cluster. Any code running as the tigergraph OS user can read that key; an attacker who obtains code execution as this user (the PR:H component of the CVSS vector reflects the privilege this requires) can therefore SSH to every machine in the cluster without a password, turning a foothold on one node into access to all of them.
Recommendations
For TigerGraph Enterprise Free Edition versions 3.x, restrict file-system access to the SSH private key to prevent unauthorized read access: at minimum, confirm that the key file is owned by the intended account, has mode 0600, and has no readable copies elsewhere on the node. Note that file permissions alone do not stop code that already runs as the key's owner, which is the scenario the description covers; as a temporary workaround, therefore, restrict the privileges of the tigergraph user, in particular its ability to run arbitrary code, to minimize the risk of exploitation.
Exploit
Fix
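As an added example (not TigerGraph's own tooling and not the vendor fix), the following POSIX shell script implements the check behind the recommendation above: it audits a directory tree for SSH private keys that group or other accounts can read and resets them to owner-only access. It recognises keys by their PEM header rather than by file name, so a cluster key stored under a non-standard name is still caught. The demo directory, the file names and the key contents it creates are constructed placeholders (a PEM header with a dummy body, not real key material); the real key location on a TigerGraph node is whatever the tigergraph account's SSH configuration points at, which this page does not specify.

```shell
#!/bin/sh
# Added example, not TigerGraph's own tooling: audit a directory for SSH
# private keys readable by other accounts, then tighten them to owner-only.
# The demo directory and the key files it creates are constructed placeholders
# (PEM header plus dummy body, not real key material).
set -u

# List private keys under $1 whose mode grants group or other any permission.
# Keys are recognised by their PEM header, not their file name, so a key saved
# under an unusual name is still reported.  Output lines: "<octal mode> <path>".
find_exposed_keys() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        head -n 1 "$f" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        # octal mode, portable across GNU stat (-c) and BSD stat (-f)
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case "$mode" in
            *00) ;;                                # group and other have no bits: fine
            *)   printf '%s %s\n' "$mode" "$f" ;;  # anything else is exposed
        esac
    done
}

# Reset every exposed key to 0600 (the mode OpenSSH itself requires before it
# will use a key).  Prints the number of files changed.
harden_keys() {
    list=$(mktemp)
    find_exposed_keys "$1" > "$list"
    n=0
    while read -r mode f; do
        chmod 600 "$f"
        n=$((n + 1))
    done < "$list"
    rm -f "$list"
    echo "$n"
}

# Build a throwaway directory that mimics the weak layout: a world-readable
# key, a group-readable key under a non-standard name, a correctly protected
# key, and a public key (which may legitimately stay readable).
make_demo_dir() {
    d=$(mktemp -d)
    mkdir -p "$d/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
                  'PLACEHOLDER, NOT A REAL KEY' \
                  '-----END OPENSSH PRIVATE KEY-----' > "$d/.ssh/id_rsa"
    chmod 644 "$d/.ssh/id_rsa"                  # the weak setting
    cp "$d/.ssh/id_rsa" "$d/.ssh/cluster_key"   # key under a non-standard name
    chmod 640 "$d/.ssh/cluster_key"             # readable by a shared group
    cp "$d/.ssh/id_rsa" "$d/.ssh/id_ed25519"
    chmod 600 "$d/.ssh/id_ed25519"              # already owner-only
    printf '%s\n' 'ssh-ed25519 AAAA placeholder' > "$d/.ssh/id_ed25519.pub"
    chmod 644 "$d/.ssh/id_ed25519.pub"          # public half, not reported
    echo "$d"
}

# Stand-alone run: sh audit_keys.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(make_demo_dir)
    echo "exposed keys before hardening:"
    find_exposed_keys "$d"
    echo "files changed: $(harden_keys "$d")"
    echo "exposed keys after hardening (expect none):"
    find_exposed_keys "$d"
    rm -rf "$d"
fi
```

Running the script with `--demo` prints the two exposed placeholder keys, changes them, and then prints an empty list. On a real node, point `find_exposed_keys` at the tigergraph account's home directory and at any path its SSH configuration references. Keep in mind the limitation that follows from the description: mode 0600 keeps other accounts out, but not code that already runs as the key's owner, which is why the advisory also recommends restricting the tigergraph user's privileges.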
Weakness Enumeration
Missing Encryption of Sensitive Data
Related Identifiers
Affected Products
Tigergraph Enterprise Free Edition