Description
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.
References
- Vendor Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.0 (inclusive) to 3.7.0 (inclusive)
Any of
cpe:2.3:a:tigergraph:tigergraph:*:*:*:*:cloud:*:*:*
cpe:2.3:a:tigergraph:tigergraph:*:*:*:*:enterprise_free:*:*:*
EPSS
Percentile: 27%
0.00099
Low
4.9 Medium
CVSS3
Weaknesses
CWE-311
Related vulnerabilities
CVSS3: 4.9
github
almost 3 years ago
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.