Vulnerabilities > CVE-2023-22950 - Incorrect Resource Transfer Between Spheres vulnerability in Tigergraph

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tigergraph

CWE-669

NVD

Published: 2023-04-13

Updated: 2023-05-04

Summary

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

Vulnerable Configurations

Part	Description	Count
Application	Tigergraph Tigergraph Tigergraph *	2

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://neo4j.com/security/cve-2023-22950/
https://dev.tigergraph.com/forum/c/tg-community/announcements/35