Lucene search
K

42 matches found

OSV
OSV
added 2026/05/29 10:28 a.m.6 views

BIT-NEO4J-2026-1471 Caching of authentication context

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.1.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We recomme...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 11:48 a.m.4 views

BIT-NEO4J-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

7.2CVSS5.8AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-1524

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

2.1CVSS5.8AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

2CVSS5.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11210

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:30 p.m.5 views

EUVD-2026-11184

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

2CVSS5.8AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 5:16 p.m.5 views

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

6.5CVSS0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 5:16 p.m.5 views

CVE-2026-1524

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

9.8CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 4:30 p.m.14 views

CVE-2026-1471

The CVE affects Neo4j Enterprise edition prior to version 2026.01.4. Root cause: excessive caching of authentication context in certain non-default SSO UserInfo endpoint configurations, causing authenticated users to inherit the context of the first user who authenticated after a restart. Impact:...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 4:30 p.m.1 views

CVE-2026-1471 Caching of authentication context

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:30 p.m.1 views

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 4:30 p.m.27 views

CVE-2026-1471 Caching of authentication context

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 4:16 p.m.21 views

CVE-2026-1524

CVE-2026-1524 describes an edge case in Neo4j Enterprise Edition’s SSO (OIDC) integration. Before version 2026.02 (and 5.26.22), if an admin configured two or more OIDC providers with at least one as authorization and one as authentication-only, those authentication-only providers could implicitl...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:16 p.m.1 views

CVE-2026-1524

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

2.1CVSS5.8AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 4:16 p.m.29 views

CVE-2026-1524 Auth misconfiguration when multiple providers enabled

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

2.1CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 4:16 p.m.1 views

CVE-2026-1524 Auth misconfiguration when multiple providers enabled

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

2.1CVSS5.8AI score0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 4:16 p.m.6 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

7.2CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 3:50 p.m.2 views

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

2CVSS5.8AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 3:50 p.m.2 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

2CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 3:50 p.m.33 views

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

2CVSS0.00235EPSS
Exploits0References1
Rows per page
Query Builder