CVE Vulnerabilities

CVE-2024-34517

Modification of Assumed-Immutable Data (MAID)

Published: May 07, 2024 | Modified: Apr 21, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

Weakness

The product does not properly protect an assumed-immutable element from being modified by an attacker.

Affected Software

Name Vendor Start Version End Version
Neo4j Neo4j 5.0.0 (including) 5.19.0 (excluding)

Potential Mitigations

References