CVE-2023-22949

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.

Ссылки

https://dev.tigergraph.com/forum/c/tg-community/announcements/35
Product
https://neo4j.com/security/cve-2023-22949/
Exploit
Third Party Advisory
https://dev.tigergraph.com/forum/c/tg-community/announcements/35
Product
https://neo4j.com/security/cve-2023-22949/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tigergraph:cloud:-:*:*:*:*:*:*:*

cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:-:*:*

cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:docker:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-gx8h-h4pj-j52p