How severe is CVE-2023-22948?

CVE-2023-22948 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2023-22948

Name: tigergraph
Author: tigergraph

4.9MEDIUM

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key.

发布于: 4/13/2023更新于: 2/7/2025

描述

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.

AI分析AI驱动

受影响产品

tigergraphtigergraph

参考资料

https://dev.tigergraph.com/forum/c/tg-community/announcements/35
Vendor Advisory
https://neo4j.com/security/cve-2023-22948/
ExploitThird Party Advisory
https://dev.tigergraph.com/forum/c/tg-community/announcements/35
Vendor Advisory
https://neo4j.com/security/cve-2023-22948/
ExploitThird Party Advisory