PT-2023-21753 · Tigergraph · Tigergraph Enterprise

Published: 2023-08-14
Updated: 2023-08-21
CVE: CVE-2023-28483
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TigerGraph Enterprise version 3.7.0

Description
An issue was discovered in the GSQL query language, which lets queries write data to files on a remote TigerGraph server. The locations a query is allowed to write to are configured through the GSQL.FileOutputPolicy setting. However, GSQL queries that contain User-Defined Functions (UDFs) are not subject to this setting: a UDF can write to any file location the administrative user running TigerGraph has access to. The CVSS vector (PR:L) indicates that a low-privileged authenticated user who can run queries is sufficient.

Recommendations
For TigerGraph Enterprise version 3.7.0, consider disabling the use of UDFs in GSQL queries until a patch is available, since otherwise GSQL.FileOutputPolicy can be bypassed. Additionally, restrict the TigerGraph service account's access to sensitive file locations to limit the impact of exploitation. At the moment there is no information about a newer version that contains a fix for this vulnerability.
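As an added example (not code from this advisory or from TigerGraph): a small Python audit helper a team applying the recommendation above could run over its GSQL query files while UDFs are still enabled. It assumes that UDFs are declared as inline C++ functions in a header in the style of ExprFunctions.hpp, that file outputs use the GSQL `FILE name ("path")` syntax, and that the allowed output prefixes passed in mirror the site's GSQL.FileOutputPolicy. The sample header and sample query are constructed for this example.

```python
import re

# Constructed sample in the style of TigerGraph's ExprFunctions.hpp, where
# UDFs are declared as inline C++ functions (assumption; not TigerGraph's file).
SAMPLE_EXPR_FUNCTIONS_HPP = """
inline int64_t str_to_int (string s) { return atoll(s.c_str()); }
inline bool write_note (string path, string text) {
  std::ofstream f(path);   // a UDF can open any path the server process can
  f << text;
  return true;
}
"""

# Constructed sample GSQL query: one FILE output plus two UDF calls.
SAMPLE_QUERY = """
CREATE QUERY export_people() FOR GRAPH social {
  FILE out ("/home/tigergraph/exports/people.csv");
  start = {person.*};
  PRINT start TO_CSV out;
  PRINT str_to_int("7"), write_note("/tmp/note.txt", "hello");
}
"""

# `inline <type> name(` at the start of a UDF definition.
UDF_DECL = re.compile(r"\binline\s+[\w:<>]+\s+(\w+)\s*\(")
# GSQL FILE object: FILE name ("path");
FILE_DECL = re.compile(r'\bFILE\s+(\w+)\s*\(\s*"([^"]*)"\s*\)', re.IGNORECASE)
# Any identifier followed by an opening parenthesis (call-like token).
CALL = re.compile(r"\b(\w+)\s*\(")


def udf_names(header_text):
    """Return the set of UDF names declared in a header in ExprFunctions.hpp style."""
    return set(UDF_DECL.findall(header_text))


def audit_query(query_text, udfs, allowed_prefixes):
    """Flag FILE outputs that fall outside the allowed prefixes (what
    GSQL.FileOutputPolicy is meant to enforce) and every call to a known UDF,
    because on 3.7.0 file writes inside a UDF are not checked against the
    policy at all. Returns a list of finding strings; empty means nothing to review.
    """
    findings = []
    for name, path in FILE_DECL.findall(query_text):
        if not any(path.startswith(prefix) for prefix in allowed_prefixes):
            findings.append(f"FILE {name}: {path} is outside the allowed output prefixes")
    called_udfs = set(CALL.findall(query_text)) & set(udfs)
    for udf in sorted(called_udfs):
        findings.append(
            f"UDF call {udf}(): file writes inside a UDF are not checked "
            f"against GSQL.FileOutputPolicy on 3.7.0 (CVE-2023-28483)"
        )
    return findings


if __name__ == "__main__":
    udfs = udf_names(SAMPLE_EXPR_FUNCTIONS_HPP)
    for line in audit_query(SAMPLE_QUERY, udfs, ["/home/tigergraph/exports/"]):
        print(line)
```

This is a static heuristic, not a replacement for the vendor fix: it cannot see what a compiled UDF actually does, so any UDF call in a query is reported for review rather than classified as safe or unsafe. A query whose FILE paths all sit inside the allowed prefixes but which calls a UDF is still flagged, which is exactly the case the policy misses.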

Exploit


Related Identifiers

CVE-2023-28483

Affected Products

Tigergraph Enterprise