Description
A flaw was found in Neo4j. Authenticated users can inherit the authentication context of the first user who authenticated after a system restart. This occurs due to excessive caching of authentication context in certain non-default configurations of the Single Sign-On (SSO) UserInfo endpoint. This could lead to unauthorized access to resources or actions intended for the initial user.
Report
This LOW impact vulnerability affects Neo4j Enterprise edition versions prior to 2026.01.4. Authenticated users may inherit another user's authentication context due to excessive caching in SSO. Exploitation requires high complexity—non-default SSO configuration and timing relative to restart. Impact is limited since the attacker cannot control whose context they inherit. Red Hat products are affected if using vulnerable Neo4j versions with SSO UserInfo endpoint enabled.
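To make the bug class concrete, here is an added illustrative model (not Neo4j's code, and not the actual SSO implementation) of what "excessive caching of authentication context" means at a UserInfo lookup: the flawed cache stores the first result after start without keying it to the caller's token, so every later caller inherits the first user's identity; the hardened variant keys entries on a hash of the token and expires them. The `USERINFO` table, token strings and function names are constructed for the example.

```python
import hashlib
import time

# Constructed stand-in for an SSO provider's UserInfo endpoint (hypothetical data).
USERINFO = {
    "tok-alice": {"sub": "alice", "roles": ["admin"]},
    "tok-bob": {"sub": "bob", "roles": ["reader"]},
}

def fetch_userinfo(access_token):
    """Simulates calling the UserInfo endpoint with a bearer token."""
    return dict(USERINFO[access_token])

class FirstUserCache:
    """Models the flaw: the first UserInfo result after a (re)start is cached
    without being keyed by the presenting token, so every subsequent caller
    receives the first user's authentication context."""
    def __init__(self):
        self._cached = None

    def resolve(self, access_token):
        if self._cached is None:
            self._cached = fetch_userinfo(access_token)
        return self._cached

class TokenKeyedCache:
    """Hardened variant: entries are keyed by a digest of the token that was
    actually presented and expire after a TTL, so a cached context can only
    be returned to a caller holding the same token."""
    def __init__(self, ttl_seconds=60):
        self._ttl = ttl_seconds
        self._entries = {}

    def resolve(self, access_token, now=None):
        now = time.monotonic() if now is None else now
        key = hashlib.sha256(access_token.encode()).hexdigest()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        info = fetch_userinfo(access_token)
        self._entries[key] = (now + self._ttl, info)
        return info

def contexts_after_restart(cache, tokens):
    """Replays a sequence of authentications against a fresh cache and
    returns the subject each caller ends up with."""
    return [cache.resolve(t)["sub"] for t in tokens]
```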
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 4 | camel-neo4j | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | neo4j-bolt-connection | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | neo4j-bolt-connection-netty | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | neo4j-bolt-connection-pooled | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | neo4j-bolt-connection-routed | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | neo4j-java-driver | Fix deferred | ||
| Red Hat Fuse 7 | neo4j-ogm-core | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform 8 | neo4j | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | neo4j | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-model-registry-rhel9 | Fix deferred | | |
Additional information
Status:
EPSS
4.2 Medium
CVSS3
Related vulnerabilities
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.