cvelistv5 - CVE-2023-34468

CVE-2023-34468

Vulnerability from cvelistv5

Published

2023-06-12 15:09

Modified

2024-10-08 20:27

Severity ?

Summary

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://www.openwall.com/lists/oss-security/2023/06/12/3	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8	Mailing List, Vendor Advisory
security@apache.org	https://nifi.apache.org/security.html#CVE-2023-34468	Release Notes, Vendor Advisory
security@apache.org	https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/12/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nifi.apache.org/security.html#CVE-2023-34468	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

Apache Software Foundation

Apache NiFi

Version: 0.0.2 ≤ 1.21.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:07.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nifi",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "1.21.0",
                "status": "affected",
                "version": "0.0.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-34468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T20:21:50.926008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T20:27:24.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache NiFi",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.21.0",
              "status": "affected",
              "version": "0.0.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matei \"Mal\" Badanoiu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\u003c/div\u003e\u003cdiv\u003eThe resolution validates the Database URL and rejects H2 JDBC locations.\u003c/div\u003e\u003cdiv\u003eYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T15:09:20.711Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
        },
        {
          "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
        }
      ],
      "source": {
        "defect": [
          "NIFI-11653"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-06T01:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2023-06-06T09:00:00.000Z",
          "value": "confirmed"
        },
        {
          "lang": "en",
          "time": "2023-06-06T09:00:00.000Z",
          "value": "resolved"
        }
      ],
      "title": "Apache NiFi: Potential Code Injection with Database Services using H2",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-34468",
    "datePublished": "2023-06-12T15:09:20.711Z",
    "dateReserved": "2023-06-06T17:30:23.654Z",
    "dateUpdated": "2024-10-08T20:27:24.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.0.2\", \"versionEndExcluding\": \"1.22.0\", \"matchCriteriaId\": \"9AE066CD-D3B6-4260-B776-3715D427A433\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\\n\\nThe resolution validates the Database URL and rejects H2 JDBC locations.\\n\\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\\n\\n\\n\"}]",
      "id": "CVE-2023-34468",
      "lastModified": "2024-11-21T08:07:19.210",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-06-12T16:15:10.130",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/06/12/3\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://nifi.apache.org/security.html#CVE-2023-34468\", \"source\": \"security@apache.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/06/12/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://nifi.apache.org/security.html#CVE-2023-34468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34468\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-06-12T16:15:10.130\",\"lastModified\":\"2024-11-21T08:07:19.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\\n\\nThe resolution validates the Database URL and rejects H2 JDBC locations.\\n\\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.0.2\",\"versionEndExcluding\":\"1.22.0\",\"matchCriteriaId\":\"9AE066CD-D3B6-4260-B776-3715D427A433\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/12/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://nifi.apache.org/security.html#CVE-2023-34468\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/06/12/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://nifi.apache.org/security.html#CVE-2023-34468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://nifi.apache.org/security.html#CVE-2023-34468\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/06/12/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:10:07.133Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-34468\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-08T20:21:50.926008Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"nifi\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.21.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-08T20:27:09.551Z\"}}], \"cna\": {\"title\": \"Apache NiFi: Potential Code Injection with Database Services using H2\", \"source\": {\"defect\": [\"NIFI-11653\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Matei \\\"Mal\\\" Badanoiu\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache NiFi\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.21.0\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-06-06T01:00:00.000Z\", \"value\": \"reported\"}, {\"lang\": \"en\", \"time\": \"2023-06-06T09:00:00.000Z\", \"value\": \"confirmed\"}, {\"lang\": \"en\", \"time\": \"2023-06-06T09:00:00.000Z\", \"value\": \"resolved\"}], \"references\": [{\"url\": \"https://nifi.apache.org/security.html#CVE-2023-34468\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/06/12/3\"}, {\"url\": \"http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html\"}, {\"url\": \"https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\\n\\nThe resolution validates the Database URL and rejects H2 JDBC locations.\\n\\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\u003c/div\u003e\u003cdiv\u003eThe resolution validates the Database URL and rejects H2 JDBC locations.\u003c/div\u003e\u003cdiv\u003eYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-06-12T15:09:20.711Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-34468\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-08T20:27:24.966Z\", \"dateReserved\": \"2023-06-06T17:30:23.654Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-06-12T15:09:20.711Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2023-1423

Vulnerability from csaf_certbund

Published

2023-06-12 22:00

Modified

2023-06-12 22:00

Summary

Apache Nifi: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterstützt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuführen und weitere, nicht spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterst\u00fctzt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuf\u00fchren und weitere, nicht spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1423 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1423.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1423 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1423"
      },
      {
        "category": "external",
        "summary": "Apache nifi Security vom 2023-06-12",
        "url": "https://nifi.apache.org/security.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Nifi: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-06-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:30:39.926+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-1423",
      "initial_release_date": "2023-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apache Nifi \u003c 1.22.0",
            "product": {
              "name": "Apache Nifi \u003c 1.22.0",
              "product_id": "T028055",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:nifi:1.22.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34212",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Nifi. Diese bestehen im Zusammenhang mit JndiJmsConnectionFactoryProvider Controller Service zusammen mit den ConsumeJMS- und PublishJMS-Prozessoren. Ein Angreifer kann diese Schwachstelle ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "release_date": "2023-06-12T22:00:00Z",
      "title": "CVE-2023-34212"
    },
    {
      "cve": "CVE-2023-34468",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Nifi. Diese besteht im Zusammenhang mit den DBCPConnectionPool und HikariCPConnectionPool Controller Services. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "release_date": "2023-06-12T22:00:00Z",
      "title": "CVE-2023-34468"
    }
  ]
}

WID-SEC-W-2023-1423

Vulnerability from csaf_certbund

Published

2023-06-12 22:00

Modified

2023-06-12 22:00

Summary

Apache Nifi: Mehrere Schwachstellen

Notes

Produktbeschreibung

Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterstützt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuführen und weitere, nicht spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterst\u00fctzt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuf\u00fchren und weitere, nicht spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1423 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1423.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1423 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1423"
      },
      {
        "category": "external",
        "summary": "Apache nifi Security vom 2023-06-12",
        "url": "https://nifi.apache.org/security.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Nifi: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-06-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:30:39.926+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-1423",
      "initial_release_date": "2023-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apache Nifi \u003c 1.22.0",
            "product": {
              "name": "Apache Nifi \u003c 1.22.0",
              "product_id": "T028055",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:nifi:1.22.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34212",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Nifi. Diese bestehen im Zusammenhang mit JndiJmsConnectionFactoryProvider Controller Service zusammen mit den ConsumeJMS- und PublishJMS-Prozessoren. Ein Angreifer kann diese Schwachstelle ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "release_date": "2023-06-12T22:00:00Z",
      "title": "CVE-2023-34212"
    },
    {
      "cve": "CVE-2023-34468",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Nifi. Diese besteht im Zusammenhang mit den DBCPConnectionPool und HikariCPConnectionPool Controller Services. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "release_date": "2023-06-12T22:00:00Z",
      "title": "CVE-2023-34468"
    }
  ]
}

ghsa-xm2m-2q6h-22jw

Vulnerability from github

Published

2023-06-12 18:30

Modified

2024-04-12 16:39

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Apache NiFi vulnerable to Code Injection

Details

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi-dbcp-base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.2"
            },
            {
              "fixed": "1.22.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi-hikari-dbcp-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.2"
            },
            {
              "fixed": "1.22.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi-dbcp-service-nar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.2"
            },
            {
              "fixed": "1.22.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-12T20:29:34Z",
    "nvd_published_at": "2023-06-12T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n",
  "id": "GHSA-xm2m-2q6h-22jw",
  "modified": "2024-04-12T16:39:23Z",
  "published": "2023-06-12T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34468"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/pull/7349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361"
    },
    {
      "type": "WEB",
      "url": "https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/nifi"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/NIFI-11653"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
    },
    {
      "type": "WEB",
      "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
    },
    {
      "type": "WEB",
      "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache NiFi vulnerable to Code Injection"
}

CVE-2023-34468

Vulnerability from fkie_nvd

Published

2023-06-12 16:15

Modified

2024-11-21 08:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://www.openwall.com/lists/oss-security/2023/06/12/3	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8	Mailing List, Vendor Advisory
security@apache.org	https://nifi.apache.org/security.html#CVE-2023-34468	Release Notes, Vendor Advisory
security@apache.org	https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/06/12/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nifi.apache.org/security.html#CVE-2023-34468	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	apache	nifi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE066CD-D3B6-4260-B776-3715D427A433",
              "versionEndExcluding": "1.22.0",
              "versionStartIncluding": "0.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
    }
  ],
  "id": "CVE-2023-34468",
  "lastModified": "2024-11-21T08:07:19.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-06-12T16:15:10.130",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@apache.org",
      "type": "Primary"
    }
  ]
}

gsd-2023-34468

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-34468

Aliases

CVE-2023-34468

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34468",
    "id": "GSD-2023-34468"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34468"
      ],
      "details": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n",
      "id": "GSD-2023-34468",
      "modified": "2023-12-13T01:20:30.923885Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-34468",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache NiFi",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0.0.2",
                          "version_value": "1.21.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Matei \"Mal\" Badanoiu"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nifi.apache.org/security.html#CVE-2023-34468",
            "refsource": "MISC",
            "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
          },
          {
            "name": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/06/12/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
          },
          {
            "name": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
          },
          {
            "name": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/",
            "refsource": "MISC",
            "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
          }
        ]
      },
      "source": {
        "defect": [
          "NIFI-11653"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[0.0.2,1.22.0)",
          "affected_versions": "All versions starting from 0.0.2 before 1.22.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-06-21",
          "description": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n",
          "fixed_versions": [
            "1.22.0"
          ],
          "identifier": "CVE-2023-34468",
          "identifiers": [
            "GHSA-xm2m-2q6h-22jw",
            "CVE-2023-34468"
          ],
          "not_impacted": "All versions before 0.0.2, all versions starting from 1.22.0",
          "package_slug": "maven/org.apache.nifi/nifi-dbcp-base",
          "pubdate": "2023-06-12",
          "solution": "Upgrade to version 1.22.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-34468",
            "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
            "https://nifi.apache.org/security.html#CVE-2023-34468",
            "https://github.com/apache/nifi/pull/7349",
            "https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361",
            "https://issues.apache.org/jira/browse/NIFI-11653",
            "http://www.openwall.com/lists/oss-security/2023/06/12/3",
            "https://github.com/advisories/GHSA-xm2m-2q6h-22jw"
          ],
          "uuid": "53519110-82b3-4f17-b800-5eaa151c0bf3"
        },
        {
          "affected_range": "[0.0.2,1.22.0)",
          "affected_versions": "All versions starting from 0.0.2 before 1.22.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-06-21",
          "description": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n",
          "fixed_versions": [
            "1.22.0"
          ],
          "identifier": "CVE-2023-34468",
          "identifiers": [
            "GHSA-xm2m-2q6h-22jw",
            "CVE-2023-34468"
          ],
          "not_impacted": "All versions before 0.0.2, all versions starting from 1.22.0",
          "package_slug": "maven/org.apache.nifi/nifi-hikari-dbcp-service",
          "pubdate": "2023-06-12",
          "solution": "Upgrade to version 1.22.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-34468",
            "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
            "https://nifi.apache.org/security.html#CVE-2023-34468",
            "https://github.com/apache/nifi/pull/7349",
            "https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361",
            "https://issues.apache.org/jira/browse/NIFI-11653",
            "http://www.openwall.com/lists/oss-security/2023/06/12/3",
            "https://github.com/advisories/GHSA-xm2m-2q6h-22jw"
          ],
          "uuid": "f015bf77-f112-4a6f-9637-600e64db4785"
        },
        {
          "affected_range": "[0.0.2,1.22.0)",
          "affected_versions": "All versions starting from 0.0.2 before 1.22.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-06-21",
          "description": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n",
          "fixed_versions": [
            "1.22.0"
          ],
          "identifier": "CVE-2023-34468",
          "identifiers": [
            "CVE-2023-34468"
          ],
          "not_impacted": "All versions before 0.0.2, all versions starting from 1.22.0",
          "package_slug": "maven/org.apache.nifi/nifi",
          "pubdate": "2023-06-12",
          "solution": "Upgrade to version 1.22.0 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-34468",
            "https://nifi.apache.org/security.html#CVE-2023-34468",
            "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
            "http://www.openwall.com/lists/oss-security/2023/06/12/3"
          ],
          "uuid": "f7e92c3b-b343-467f-83e7-7aadcedd9a47"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.22.0",
                "versionStartIncluding": "0.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-34468"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nifi.apache.org/security.html#CVE-2023-34468",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
            },
            {
              "name": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/06/12/3",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
            },
            {
              "name": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
            },
            {
              "name": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-03T15:44Z",
      "publishedDate": "2023-06-12T16:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-34468

Vulnerability from cvelistv5

wid-sec-w-2023-1423

Vulnerability from csaf_certbund

WID-SEC-W-2023-1423

Vulnerability from csaf_certbund

ghsa-xm2m-2q6h-22jw

Vulnerability from github

CVE-2023-34468

Vulnerability from fkie_nvd

gsd-2023-34468

Vulnerability from gsd

Tags

Sightings

Nomenclature