59 matches found
CVE-2021-42767
CVE-2021-42767 describes a directory traversal vulnerability in the APOC procedures of Neo4j Graph Database. The flaw allows reading local files and, in some cases, creating local files via the APOC plugin before version 4.4.0.1. Publicly documented fixes exist: upgrade to 3.5.17, 4.2.10, 4.3.0.4...
CVE-2021-42767
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...
Neo4j Path Traversal Vulnerability
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, Inc. that supports data migration, add-ons, and more. A path traversal vulnerability exists in Neo4j Graph, which stems from a directory traversal vulnerability in the Apoc plugin in Neo4j Graph databases 4.0.0 through 4.3...
GHSA-4MPJ-488R-VH6M Neo4j Graph Database vulnerable to Path Traversal
Impact: Directory Traversal Vulnerabilities found in several functions of apoc plugins in Neo4j Graph database. The attacker can retrieve and download files from outside the configured directory on the affected server. Under some circumstances, the attacker can also create files. Patches: The users...
Neo4j Graph Database vulnerable to Path Traversal
Impact: Directory Traversal Vulnerabilities found in several functions of apoc plugins in Neo4j Graph database. The attacker can retrieve and download files from outside the configured directory on the affected server. Under some circumstances, the attacker can also create files. Patches: The users...
PT-2022-11681 · Neo4J · Neo4J Graph Database
Name of the Vulnerable Software and Affected Versions: Neo4J Graph database versions 4.0.0 through 4.3.6; Neo4J Graph database versions prior to 3.5.17; Neo4J Graph database versions prior to 4.2.10; Neo4J Graph database versions prior to 4.3.0.4; Neo4J Graph database versions prior to 4.4.0.1...
GitOops - All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls. It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables...
Neo4j has unspecified vulnerabilities
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...
CVE-2021-34802
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
Authorization
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
Neo4j Security Vulnerability
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...
CVE-2021-34802
CVE-2021-34802 describes a vulnerability in Neo4j Graph Database versions 4.2 and 4.3 where a failure in resetting the security context during certain transaction actions could allow authenticated users to execute commands with elevated privileges. The root cause is a security-context reset issue...
CVE-2021-34802
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
Krane - Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features: RBAC Risk rules - Krane...
OpenCSPM - Open Cloud Security Posture Management Engine
Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain...
LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
It is of the utmost importance for any security engineer to understand their network before securing it, and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...
Partner Perspectives: Maintaining Order in Chaotic Times
Erkang Zheng is the CISO of LifeOmic and the General Manager of JupiterOne. One of the key challenges facing growing cloud-native organizations is the ability to maintain your security and compliance posture despite your employees’ access to critical data from numerous locations and devices. This...
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery Cross-Site Scripting
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link:...
Subdomain Enumeration Tool: Amass
Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...