Response to CVE-2022-30331

Earlier this month, CVE-2022-30331 was filed as a vulnerability with a severity score of 8.8 affecting TigerGraph’s User-Defined Functions (UDF) feature.

TigerGraph has disputed this vulnerability: the basis of the claim is merely that a privileged user could write code within TigerGraph that might introduce a vulnerability into a query accessible to other authenticated users.

Background

One of the key benefits of using TigerGraph is the ability to create custom functions (UDFs) in C++ for high-speed data manipulation. Once installed, these functions are available to all users for use in their queries, so any unsafe behaviour in a UDF is reachable by every authenticated user. As C++ is a powerful, low-level language, anyone who writes or installs UDF code is expected to be familiar with secure coding practices and to review any code from outside sources before installing it. By default, only users with the superuser role can install UDFs, ensuring that installed code has been reviewed by an administrator at the appropriate level. If the option to store UDFs in a GitHub repository is used, configuration controls are also available to ensure UDFs are pulled only from a repository controlled by trusted administrators.

The remainder of the CVE details various malicious actions that leverage custom C++ code placed in a UDF. None of these actions is possible when the superuser password has been configured and the superuser reviews UDF code before installing it.

Root causes

These are the root causes of the exploitation detailed in the CVE:

  • The default superuser account’s password was never set, so authentication was not enabled.

  • The superuser installed malicious or insecure code that allowed any authenticated user to execute a shell command.

Best practices to secure your deployment

The following best practices should always be followed to ensure your environment is secured:

  • Credentials should be properly configured: set the default superuser password so that authentication is enforced. Unchanged default accounts and passwords fall under A05:2021 Security Misconfiguration, #5 in the OWASP Top 10.

  • By default, only superusers hold the WRITE_FILE privilege, which is what permits the installation of UDFs. Grant this privilege only to users trusted to review and install custom code.

  • Superusers should treat UDFs as developed software. We recommend following Secure Software Development Life Cycle (SSDLC) processes, including static code analysis and appropriate code review, before installing them on a TigerGraph deployment.

  • If GSQL is configured to read UDFs from a GitHub repository, ensure that the repository itself is properly secured (restricted write access, reviewed changes) and that the hosted code and any subsequent changes are reviewed by system administrators before they are installed on a TigerGraph deployment.
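As a concrete illustration of the static-analysis and code-review step in the list above, here is an added example of a reviewer-side check a superuser could run over UDF source before installing it. This is not TigerGraph code and not a substitute for a real static analyser: it scans C++ source text for calls a UDF has no business making (process spawning, arbitrary file and environment access) and reports each hit with its line number. The two UDF snippets embedded in it are constructed for this example, and the ExprFunctions.hpp-style inline function shape is an assumption about how a UDF looks, not something taken from the original post.

```python
"""
Reviewer-side static check for UDF source (added example, not TigerGraph code).

Scans C++ UDF source for identifiers that indicate process spawning,
arbitrary file access or environment reads.  A UDF exists to do fast
data manipulation; none of these calls is needed for that, so every
hit is something the reviewing superuser should reject or rewrite.
"""
import re

# Identifiers a UDF should never need, each with the reason a reviewer
# should block it.  Extend this table to match your own policy.
BLOCKED_CALLS = {
    "system": "spawns a shell",
    "popen": "spawns a shell and reads its output",
    "execl": "replaces the process image",
    "execlp": "replaces the process image",
    "execv": "replaces the process image",
    "execvp": "replaces the process image",
    "fork": "creates a child process",
    "fopen": "arbitrary file access",
    "ifstream": "arbitrary file read",
    "ofstream": "arbitrary file write",
    "getenv": "reads the server environment",
    "dlopen": "loads arbitrary native code",
}

# Whole-word match, with or without a std:: prefix.
_CALL_RE = re.compile(
    r"\b(?:std::)?(" + "|".join(map(re.escape, BLOCKED_CALLS)) + r")\b"
)


def find_blocked_calls(source: str) -> list[tuple[int, str, str]]:
    """Return (line_number, identifier, reason) for every blocked identifier.

    Line comments are stripped first so that documentation mentioning
    system() does not trip the check.  This is a text-level aid for a
    human reviewer, not an AST analysis: a hit inside a string literal
    is still reported, and it is the reviewer's job to dismiss it.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = re.sub(r"//.*$", "", line)
        for match in _CALL_RE.finditer(code):
            name = match.group(1)
            findings.append((lineno, name, BLOCKED_CALLS[name]))
    return findings


def review(source: str) -> bool:
    """True when the UDF passes (no blocked calls); prints findings otherwise."""
    findings = find_blocked_calls(source)
    for lineno, name, reason in findings:
        print(f"line {lineno}: {name} -> {reason}")
    return not findings


# Constructed insecure UDF (illustration only): hands a query-supplied
# string to a shell, which is exactly the root cause described above.
INSECURE_UDF = """\
// Runs a helper and returns its first line of output.
inline string run_helper(string cmd) {
  string out;
  FILE* p = popen(cmd.c_str(), "r");   // cmd is caller-controlled
  char buf[256];
  if (p && fgets(buf, sizeof buf, p)) out = buf;
  if (p) pclose(p);
  system("logger udf_ran");
  return out;
}
"""

# Constructed safe UDF (illustration only): pure string manipulation.
# The comment mentions system() to show that comments are not flagged.
SAFE_UDF = """\
// Upper-cases a string; does not call system() or touch files.
inline string to_upper(string s) {
  for (char& c : s) c = toupper(c);
  return s;
}
"""

if __name__ == "__main__":
    print("insecure UDF passes review:", review(INSECURE_UDF))
    print("safe UDF passes review:", review(SAFE_UDF))
```

Run it over the real UDF file (for example by reading ExprFunctions.hpp into `find_blocked_calls`) as a pre-install gate; a clean result means the file still needs a human review, but any hit means it should not be installed as is.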

The security of your data is paramount to us, and we are continually looking for ways to improve our product to make sure it stays safe. Please keep an eye out for future work on access control and other security hardening.