Description

HugeGraph is a convenient, efficient, and adaptable graph database compatible with the Apache TinkerPop3 framework and the Gremlin query language

Acunetix determined that it was possible to access HugeGraph API without authentication.

Remediation

Enable authentication for HugeGraph

References

Built-in User Authentication and Authorization Configuration and Usage in HugeGraph

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3529)

Unrestricted access to NGINX+ API interface (read write)

OwnCloud phpinfo Information Disclosure (CVE-2023-49103)

Unrestricted access to a monitoring system

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation