CVE-2023-28482
CVSS V2 None
CVSS V3 None
Description
An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions).
Overview
- CVE ID
- CVE-2023-28482
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-08-14T19:15:10
- Last Modified Date
- 2023-08-21T17:21:28
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://neo4j.com/security/cve-2023-28482/ | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-28482 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28482 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-09-06 03:43:00 | Added to TrackCVE | |||
| 2023-09-06 03:43:03 | Weakness Enumeration | new |