CVE-2024-34517 | THREATINT

Description

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

PUBLISHED Reserved 2024-05-05 | Published 2024-05-07 | Updated 2025-07-23 | Assigner mitre

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-471 Modification of Assumed-Immutable Data (MAID)

Product status

Default status

unaffected

5.0.0 (custom) before 5.19

affected

References

trust.neo4j.com

neo4j.com/security/cve-2024-34517/

github.com/neo4j/neo4j/wiki/Neo4j-5-changelog

github.com/advisories/GHSA-p343-9qwp-pqxv

trust.neo4j.com

neo4j.com/security/cve-2024-34517/

github.com/neo4j/neo4j/wiki/Neo4j-5-changelog

github.com/advisories/GHSA-p343-9qwp-pqxv

cve.org (CVE-2024-34517)

nvd.nist.gov (CVE-2024-34517)

Download JSON

help @ threatint.eu