CVE-2024-34517

Medium

6.5/10

Summary

The "Cypher" component in Neo4j versions prior to 5.19.0 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory
Advisory
Release Note
Release Note

Advisory Timeline

Published May 07, 2024

CVE-2024-34517

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS