Description

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key.

Related CPE's

a

tigergraph

tigergraph

3.7.0

*

*

*

enterprise

Vulnerable

References

https://neo4j.com/security/cve-2023-28481/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-639

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-14T19:15:10.413

11 months ago

Last modified

2023-08-21T17:18:27.813

11 months ago