CVE-2023-22948

MEDIUM

Tigergraph < 3.7.0 - Missing Encryption

Title source: rule

Description

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.

References (2)

[Vendor Advisory] https://dev.tigergraph.com/forum/c/tg-community/announcements/35

[Exploit, Third Party Advisory] https://neo4j.com/security/cve-2023-22948/

Scores

CVSS v3 4.9

EPSS 0.0014

EPSS Percentile 32.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

tigergraph/tigergraph 3.0 - 3.7.0 (2 CPE variants)

Published Apr 13, 2023

Tracked Since Feb 18, 2026