We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-34517



Description

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

Reserved 2024-05-05 | Published 2024-05-07 | Updated 2025-03-25 | Assigner mitre


MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-471 Modification of Assumed-Immutable Data (MAID)

Product status

Default status
unaffected

5.0.0 before 5.19
affected

References

trust.neo4j.com

neo4j.com/security/cve-2024-34517/

github.com/neo4j/neo4j/wiki/Neo4j-5-changelog

github.com/advisories/GHSA-p343-9qwp-pqxv

cve.org (CVE-2024-34517)

nvd.nist.gov (CVE-2024-34517)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-34517

Support options

Helpdesk Chat, Email, Knowledgebase