Description

HugeGraph is a convenient, efficient, and adaptable graph database compatible with the Apache TinkerPop3 framework and the Gremlin query language

Invicti determined that it was possible to access HugeGraph API without authentication.

Remediation

Enable authentication for HugeGraph

References

Built-in User Authentication and Authorization Configuration and Usage in HugeGraph

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.34)

WordPress Plugin ACF to REST API Information Disclosure (3.2.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7831)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9414)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0211)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation