BIT-neo4j-2024-34517

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/neo4j/BIT-neo4j-2024-34517.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-neo4j-2024-34517

Aliases

CVE-2024-34517
GHSA-p343-9qwp-pqxv

Published

2025-03-12T07:15:48.750Z

Modified

2025-04-22T07:43:26.909Z

Summary

[none]

Details

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:community:*:*"
    ]
}

References

https://github.com/advisories/GHSA-p343-9qwp-pqxv
https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher
https://neo4j.com/security/cve-2024-34517/
https://trust.neo4j.com
https://nvd.nist.gov/vuln/detail/CVE-2024-34517

Affected packages

Bitnami / neo4j

Package

Name: neo4j
Purl: pkg:bitnami/neo4j

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.0.0

Fixed

5.20.0