CVE-2024-34517

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...

Neo4j < 5.19.0 Privilege Mishandling (CVE-2024-34517)

According to its its self-reported version number, the version of Neo4j running on the remote host is a version prior to 5.19.0. It is, therefore, affected by a privilege mishandling vulnerability in the Cypher component which mishandles IMMUTABLE privileges. Note that Nessus has not tested for...

CVE-2024-34517

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...

CVE-2024-34517

Summary: CVE-2024-34517 affects the Cypher component in Neo4j 5.0.0–5.19.0, where IMMUTABLE privileges can be mishandled in certain scenarios if an attacker already has admin access. The issue is documented across multiple sources (CVE entry, RH advisory, GHSA, OSV references). Impact (as stated)...

Neo4j 安全漏洞

Neo4j is a Java-based and fully ACID-compatible graphical database from Neo4j, Inc. that supports data migration, add-ons, and more. A security vulnerability exists in Neo4j versions prior to 5.19.0 that stems from the Cypher component incorrectly handling IMMUTABLE permissions...