Description

HugeGraph is a convenient, efficient, and adaptable graph database compatible with the Apache TinkerPop3 framework and the Gremlin query language

Acunetix determined that it was possible to access HugeGraph API without authentication.

Remediation

Enable authentication for HugeGraph

References

Built-in User Authentication and Authorization Configuration and Usage in HugeGraph

Related Vulnerabilities

Xdebug remote code execution via xdebug.remote_connect_back

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)

WordPress Plugin Credova_Financial Information Disclosure (1.4.8)

WordPress username enumeration

WordPress Plugin Activity Log Information Disclosure (2.2.12)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation