CVE-2023-28483

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 14, 2023
Updated: Aug 21, 2023

Summary

CVE-2023-28483 is a vulnerability affecting Tigergraph Enterprise version 3.7.0. This issue allows users to bypass the GSQL.FileOutputPolicy configuration setting in the query language, enabling them to write data to files on a remote TigerGraph server outside of the configured locations. Queries incorporating User-Defined Functions (UDFs) can exploit this vulnerability, potentially granting unauthorized access and data manipulation for administrative users.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share