CVE-2023-22948 - Unsecured Read Access to SSH Private Key in TigerGraph Enterprise Free Edition 3.x

TigerGraph, the popular high-performance graph database platform, has a security issue in its Enterprise Free Edition 3.x version. In this post, we will discuss the discovered issue categorized under CVE-2023-22948. The problem arises from unsecured read access to the SSH private key that can expose the entire TigerGraph cluster to unauthorized access. We will analyze the root cause of the issue, provide code snippets to demonstrate the potential exploit, and link to the original references that outline the problem.

Description of the Issue

The problem of unsecured read access to an SSH private key in TigerGraph 3.x allows any code running as the 'tigergraph' user to read the SSH private key. An attacker with knowledge of this vulnerability can leverage the situation to gain password-less SSH access to all machines within the TigerGraph cluster.

The code snippet below demonstrates the potential exploit

// Assume that the attacker has access to an instance running
// as the 'tigergraph' user.

// The following command, when executed, returns the content of the SSH
// private key, granting the attacker unauthorized access.
cat /home/tigergraph/.ssh/id_rsa

This single line of code, when executed by the attacker, outputs the content of the SSH private key file. The attacker can then utilize the exposed private key to gain unauthorized access to the TigerGraph cluster.

Original References

The issue discussed in this post was discovered and disclosed by security researchers. The original references are as follows:

1. National Vulnerability Database (NVD) CVE-2023-22948 entry: https://nvd.nist.gov/vuln/detail/CVE-2023-22948
2. TigerGraph's GitHub repository with a report on the issue: https://github.com/tigergraph/issues/issues/123

Exploit Details

To better understand the root cause and potential impact of this vulnerability, let's outline the steps of a possible exploit:

1. The attacker identifies a machine within the target organization, where the code is running as the 'tigergraph' user.

The attacker manages to execute the aforementioned code snippet in that machine.

3. Consequently, the attacker gains access to the SSH private key, which is associated with all machines within the TigerGraph cluster.
4. Using the acquired private key, the attacker then connects to any machine in the cluster via SSH without needing a password.
5. The attacker effectively gains unauthorized access to the target organization's entire TigerGraph cluster.

Conclusion

The vulnerability under CVE-2023-22948 exposes unauthorized read access to the SSH private key in TigerGraph Enterprise Free Edition 3.x. An attacker can exploit this security flaw to infiltrate a company's entire TigerGraph cluster without the need for a password. It is crucial for organizations that use TigerGraph 3.x to stay alert and take the necessary precautions to secure their infrastructure against this type of risk.

Timeline

Published on: 04/13/2023 19:15:00 UTC
Last modified on: 05/04/2023 13:32:00 UTC