7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
60.1%
A partial Directory Traversal Vulnerability found in apoc.log.stream
function of apoc plugins in Neo4j Graph database.
This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example, userControlled.getCanonicalPath().startsWith("/usr/out")
will allow an attacker to access a directory with a name like /usr/outnot
.
The users should aim to use the latest released version compatible with their Neo4j version. The minimum versions containing patch for this vulnerability are 4.4.0.8 and 4.3.0.7
If you cannot upgrade the library, you can control the allowlist of the functions that can be used in your system
If you have any questions or comments about this advisory:
We want to publicly recognise the contribution of Jonathan Leitschuh for reporting this issue.
github.com/neo4j-contrib/neo4j-apoc-procedures
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/d2f415c6f703bbc2cda4a753928821ff15d5c620
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510
github.com/neo4j-contrib/neo4j-apoc-procedures/pull/3080
github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-78f9-745f-278p
neo4j.com/docs/aura/platform/apoc
nvd.nist.gov/vuln/detail/CVE-2022-37423