Description
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.
References
- Product
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:tigergraph:cloud:-:*:*:*:*:*:*:*
cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:-:*:*
cpe:2.3:a:tigergraph:tigergraph_enterprise:3.7.0:*:*:*:free:docker:*:*
EPSS
Percentile: 29%
0.00102
Low
8.8 High
CVSS3
Weaknesses
NVD-CWE-Other
CWE-276
Related vulnerabilities
CVSS3: 8.8
github
almost 3 years ago
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.