CVE-2024-34517

6.5 MEDIUM

📋 TL;DR

This vulnerability in Neo4j's Cypher component allows attackers with admin access to bypass IMMUTABLE privilege restrictions in certain situations. It affects Neo4j versions 5.0.0 through 5.18. The issue enables privilege escalation where immutable data protections can be circumvented.

💻 Affected Systems

Products:
  • Neo4j Graph Database
Versions: 5.0.0 through 5.18
Operating Systems: All platforms running Neo4j
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable by users with admin privileges. The vulnerability exists in the Cypher query language component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise where immutable data protections are bypassed, allowing unauthorized modification of supposedly protected data.

🟠 Likely Case

Privilege escalation where admin users can modify data that should be protected by IMMUTABLE privileges, potentially violating data integrity guarantees.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place to detect unusual admin activity.

🌐 Internet-Facing: MEDIUM - Exploitation requires admin access, but internet-facing instances with compromised credentials could be vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers with admin privileges could exploit this to bypass data protection controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires admin access but exploitation is straightforward once authenticated.

Exploitation requires existing admin-level access to the Neo4j instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.19.0 and later

Vendor Advisory: https://neo4j.com/security/cve-2024-34517/

Restart Required: Yes

Instructions:

1. Download Neo4j 5.19.0 or later from official sources.
2. Stop the Neo4j service.
3. Back up your database.
4. Install the updated version.
5. Restart the Neo4j service.

🔧 Temporary Workarounds

Restrict Admin Access

Applies to: all

Limit admin privileges to only essential personnel and implement strict access controls.

Monitor Admin Activity

Applies to: all

Implement comprehensive logging and monitoring of admin user activities, especially privilege-related operations.

🧯 If You Can't Patch

  • Implement strict principle of least privilege for admin accounts
  • Enable detailed audit logging for all admin operations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Neo4j version with the 'neo4j version' command, or look for the version string in the server logs. Any version from 5.0.0 up to and including the 5.18.x line is affected.

Check Version:

neo4j version

Verify Fix Applied:

Confirm the version reported by 'neo4j version' is 5.19.0 or later, then test that IMMUTABLE privilege restrictions are still enforced for admin users.
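A small version check for the procedure above, added here as an example and not tooling from Neo4j or the advisory. It assumes the output of 'neo4j version' contains a dotted version number such as 5.18.0, and it encodes the affected range stated on this page (5.0.0 through 5.18.x, fixed in 5.19.0).

```python
import re
import subprocess

# Affected window from the advisory: 5.0.0 through 5.18.x; fixed in 5.19.0.
AFFECTED_MIN = (5, 0, 0)
FIXED_IN = (5, 19, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract the first dotted version from `neo4j version` output.

    Assumption: the output contains a token like "5.18.0"; the wording
    around it varies by packaging, so only the number itself is matched.
    Returns a (major, minor, patch) tuple, or None if nothing is found.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version):
    """Place a version tuple relative to the CVE-2024-34517 window."""
    if version < AFFECTED_MIN:
        return "below affected range"
    if version < FIXED_IN:
        return "affected"
    return "fixed"


def check_output(text):
    """Classify raw `neo4j version` output; 'unknown' if no version is found."""
    v = parse_version(text)
    return "unknown" if v is None else classify(v)


def check_local_install():
    """Run `neo4j version` on this host and classify the result."""
    try:
        out = subprocess.run(["neo4j", "version"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return "unknown"
    return check_output(out.stdout + out.stderr)


if __name__ == "__main__":
    # Constructed sample outputs; real output may be worded differently.
    for sample in ("neo4j 5.18.1", "neo4j 5.19.0", "neo4j 4.4.30", "garbage"):
        print(f"{sample!r}: {check_output(sample)}")
    print("local install:", check_local_install())
```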

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin privilege escalation attempts
  • Modification attempts on data with IMMUTABLE privileges
  • Cypher queries attempting to bypass privilege restrictions

Network Indicators:

  • Unusual patterns of admin-level database queries
  • Multiple privilege modification attempts in short timeframes

SIEM Query:

source="neo4j" AND (event_type="privilege_escalation" OR event_type="immutable_violation" OR query CONTAINS "IMMUTABLE")
