Vulnerabilities > CVE-2023-22950 - Incorrect Resource Transfer Between Spheres vulnerability in Tigergraph

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
tigergraph
CWE-669

Summary

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

Vulnerable Configurations

Part Description Count
Application
Tigergraph
2