cvelistv5 - cve-2022-26850

CVE-2022-26850 (GCVE-0-2022-26850)

Vulnerability from cvelistv5 – Published: 2022-04-06 17:40 – Updated: 2024-08-03 05:11

Summary

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.

Severity ?

No CVSS data available.

CWE

Insufficiently protected credentials

Assigner

apache

References

URL

Tags

	https://nifi.apache.org/security.html#CVE-2022-26850	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/04/06/2	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache NiFi	Affected: NiFi 1.14.0 to 1.15.3

Credits

This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:45.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
          },
          {
            "name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache NiFi",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "NiFi 1.14.0 to 1.15.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficiently protected credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-06T20:06:16",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
        },
        {
          "name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
        }
      ],
      "source": {
        "defect": [
          "NIFI-9785"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Insufficiently protected credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-26850",
          "STATE": "PUBLIC",
          "TITLE": "Insufficiently protected credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache NiFi",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "NiFi",
                            "version_value": "1.14.0 to 1.15.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently protected credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nifi.apache.org/security.html#CVE-2022-26850",
              "refsource": "MISC",
              "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
            },
            {
              "name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
            }
          ]
        },
        "source": {
          "defect": [
            "NIFI-9785"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-26850",
    "datePublished": "2022-04-06T17:40:09",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-03T05:11:45.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.14.0\", \"versionEndExcluding\": \"1.16.0\", \"matchCriteriaId\": \"9463A679-D716-4CD8-8EFA-E4C8E76B3E91\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.\"}, {\"lang\": \"es\", \"value\": \"Cuando son creadas o actualizadas las credenciales para el acceso de un solo usuario, Apache NiFi escribe una copia de la configuraci\\u00f3n de los proveedores de identidad de inicio de sesi\\u00f3n en el directorio temporal del sistema operativo. En la mayor\\u00eda de las plataformas, el directorio temporal del sistema operativo presenta permisos de lectura globales. NiFi movi\\u00f3 inmediatamente el archivo temporal al directorio de configuraci\\u00f3n final, lo que limit\\u00f3 significativamente la ventana de oportunidad de acceso. NiFi versi\\u00f3n 1.16.0 incluye actualizaciones para sustituir la configuraci\\u00f3n de los proveedores de identidad de inicio de sesi\\u00f3n sin escribir un archivo en el directorio temporal del sistema operativo\"}]",
      "id": "CVE-2022-26850",
      "lastModified": "2024-11-21T06:54:38.647",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-04-06T18:15:09.047",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/06/2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://nifi.apache.org/security.html#CVE-2022-26850\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/06/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://nifi.apache.org/security.html#CVE-2022-26850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26850\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-04-06T18:15:09.047\",\"lastModified\":\"2024-11-21T06:54:38.647\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.\"},{\"lang\":\"es\",\"value\":\"Cuando son creadas o actualizadas las credenciales para el acceso de un solo usuario, Apache NiFi escribe una copia de la configuraci\u00f3n de los proveedores de identidad de inicio de sesi\u00f3n en el directorio temporal del sistema operativo. En la mayor\u00eda de las plataformas, el directorio temporal del sistema operativo presenta permisos de lectura globales. NiFi movi\u00f3 inmediatamente el archivo temporal al directorio de configuraci\u00f3n final, lo que limit\u00f3 significativamente la ventana de oportunidad de acceso. NiFi versi\u00f3n 1.16.0 incluye actualizaciones para sustituir la configuraci\u00f3n de los proveedores de identidad de inicio de sesi\u00f3n sin escribir un archivo en el directorio temporal del sistema operativo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.16.0\",\"matchCriteriaId\":\"9463A679-D716-4CD8-8EFA-E4C8E76B3E91\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/06/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nifi.apache.org/security.html#CVE-2022-26850\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/06/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nifi.apache.org/security.html#CVE-2022-26850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-26850

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-26850

Aliases

CVE-2022-26850

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26850",
    "description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
    "id": "GSD-2022-26850"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26850"
      ],
      "details": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
      "id": "GSD-2022-26850",
      "modified": "2023-12-13T01:19:39.009427Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-26850",
        "STATE": "PUBLIC",
        "TITLE": "Insufficiently protected credentials"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache NiFi",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_name": "NiFi",
                          "version_value": "1.14.0 to 1.15.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "moderate"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficiently protected credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nifi.apache.org/security.html#CVE-2022-26850",
            "refsource": "MISC",
            "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
          },
          {
            "name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
          }
        ]
      },
      "source": {
        "defect": [
          "NIFI-9785"
        ],
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.15.3]",
          "affected_versions": "All versions up to 1.15.3",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-522",
            "CWE-937"
          ],
          "date": "2022-06-20",
          "description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
          "fixed_versions": [
            "1.16"
          ],
          "identifier": "CVE-2022-26850",
          "identifiers": [
            "GHSA-rvp4-r3g6-8hxq",
            "CVE-2022-26850"
          ],
          "not_impacted": "All versions after 1.15.3",
          "package_slug": "maven/org.apache.nifi/nifi-single-user-utils",
          "pubdate": "2022-06-20",
          "solution": "Upgrade to version 1.16 or above.",
          "title": "Insufficiently Protected Credentials",
          "urls": [
            "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-26850",
            "https://nifi.apache.org/security.html#CVE-2022-26850",
            "http://www.openwall.com/lists/oss-security/2022/04/06/2",
            "https://github.com/advisories/GHSA-rvp4-r3g6-8hxq"
          ],
          "uuid": "aba42f11-096c-4bc5-a4b5-9461da2e5102"
        },
        {
          "affected_range": "[1.14.0,1.16.0)",
          "affected_versions": "All versions starting from 1.14.0 before 1.16.0",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-668",
            "CWE-937"
          ],
          "date": "2023-08-08",
          "description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
          "fixed_versions": [
            "1.16.0"
          ],
          "identifier": "CVE-2022-26850",
          "identifiers": [
            "CVE-2022-26850"
          ],
          "not_impacted": "All versions before 1.14.0, all versions starting from 1.16.0",
          "package_slug": "maven/org.apache.nifi/nifi",
          "pubdate": "2022-04-06",
          "solution": "Upgrade to version 1.16.0 or above.",
          "title": "Insufficiently Protected Credentials",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-26850",
            "https://nifi.apache.org/security.html#CVE-2022-26850",
            "http://www.openwall.com/lists/oss-security/2022/04/06/2"
          ],
          "uuid": "d5b6df3f-f556-469e-98f1-72621c9d65bc"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.16.0",
                "versionStartIncluding": "1.14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-26850"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nifi.apache.org/security.html#CVE-2022-26850",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
            },
            {
              "name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-04-14T15:57Z",
      "publishedDate": "2022-04-06T18:15Z"
    }
  }
}

CNVD-2022-33109

Vulnerability from cnvd - Published: 2022-04-24

Title

Apache NiFi存在未明漏洞（CNVD-2022-33109）

Description

Apache NiFi是美国阿帕奇（Apache）基金会的一套数据处理和分发系统。该系统主要用于数据路由、转换和系统中介逻辑。 Apache NiFi存在安全漏洞，该漏洞源于在为单用户访问创建或更新凭据时，Apache NiFi将登录标识提供程序配置的副本写入操作系统的临时目录。在大多数平台上，操作系统的临时目录具有全局读取权限。Apache NiFi 1.16.0版本包含更新，以替换登录标识提供程序配置，而无需将文件写入操作系统临时目录。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Apache NiFi存在未明漏洞（CNVD-2022-33109）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://nifi.apache.org/security.html#CVE-2022-26850

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-26850

Impacted products

Name
Apache NiFi >=1.14.0，<1.16.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-26850"
    }
  },
  "description": "Apache NiFi\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u6570\u636e\u5904\u7406\u548c\u5206\u53d1\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u7528\u4e8e\u6570\u636e\u8def\u7531\u3001\u8f6c\u6362\u548c\u7cfb\u7edf\u4e2d\u4ecb\u903b\u8f91\u3002\n\nApache NiFi\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4e3a\u5355\u7528\u6237\u8bbf\u95ee\u521b\u5efa\u6216\u66f4\u65b0\u51ed\u636e\u65f6\uff0cApache NiFi\u5c06\u767b\u5f55\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u914d\u7f6e\u7684\u526f\u672c\u5199\u5165\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e34\u65f6\u76ee\u5f55\u3002\u5728\u5927\u591a\u6570\u5e73\u53f0\u4e0a\uff0c\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e34\u65f6\u76ee\u5f55\u5177\u6709\u5168\u5c40\u8bfb\u53d6\u6743\u9650\u3002Apache NiFi 1.16.0\u7248\u672c\u5305\u542b\u66f4\u65b0\uff0c\u4ee5\u66ff\u6362\u767b\u5f55\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u5c06\u6587\u4ef6\u5199\u5165\u64cd\u4f5c\u7cfb\u7edf\u4e34\u65f6\u76ee\u5f55\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://nifi.apache.org/security.html#CVE-2022-26850",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-33109",
  "openTime": "2022-04-24",
  "patchDescription": "Apache NiFi\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u6570\u636e\u5904\u7406\u548c\u5206\u53d1\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u7528\u4e8e\u6570\u636e\u8def\u7531\u3001\u8f6c\u6362\u548c\u7cfb\u7edf\u4e2d\u4ecb\u903b\u8f91\u3002\r\n\r\nApache NiFi\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4e3a\u5355\u7528\u6237\u8bbf\u95ee\u521b\u5efa\u6216\u66f4\u65b0\u51ed\u636e\u65f6\uff0cApache NiFi\u5c06\u767b\u5f55\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u914d\u7f6e\u7684\u526f\u672c\u5199\u5165\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e34\u65f6\u76ee\u5f55\u3002\u5728\u5927\u591a\u6570\u5e73\u53f0\u4e0a\uff0c\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e34\u65f6\u76ee\u5f55\u5177\u6709\u5168\u5c40\u8bfb\u53d6\u6743\u9650\u3002Apache NiFi 1.16.0\u7248\u672c\u5305\u542b\u66f4\u65b0\uff0c\u4ee5\u66ff\u6362\u767b\u5f55\u6807\u8bc6\u63d0\u4f9b\u7a0b\u5e8f\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u5c06\u6587\u4ef6\u5199\u5165\u64cd\u4f5c\u7cfb\u7edf\u4e34\u65f6\u76ee\u5f55\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache NiFi\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-33109\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache NiFi \u003e=1.14.0\uff0c\u003c1.16.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-26850",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-07",
  "title": "Apache NiFi\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-33109\uff09"
}

GHSA-RVP4-R3G6-8HXQ

Vulnerability from github – Published: 2022-06-20 22:33 – Updated: 2023-08-08 20:30

Summary

Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils

Details

Impact

org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter contains a local information disclosure vulnerability due to writing credentials (username and password) to a file that is readable by all other users on unix-like systems. On unix-like systems, the system's temporary directory is shared between all users on that system. As such, files written to that directory without setting the correct file permissions can allow other users on that system to view the contents of the files written to those temporary files.

Source

An insecure temporary file is created here: - https://github.com/apache/nifi/blob/6a1c7c72d5b91b9ce5d5cb5b86e3155d21e2c19b/nifi-commons/nifi-single-user-utils/src/main/java/org/apache/nifi/authentication/single/user/writer/StandardLoginCredentialsWriter.java#L75

The username and password credentials are written to this file here: - https://github.com/apache/nifi/blob/6a1c7c72d5b91b9ce5d5cb5b86e3155d21e2c19b/nifi-commons/nifi-single-user-utils/src/main/java/org/apache/nifi/authentication/single/user/writer/StandardLoginCredentialsWriter.java#L85-L95

Patches

The vulnerability has been patched in version 1.16.

Prerequisites

This vulnerability impacts Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.

Workarounds

Setting the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability for all operating systems.

References

https://issues.apache.org/jira/browse/NIFI-9785
https://github.com/apache/nifi/commit/859d5fe
https://github.com/apache/nifi/pull/5856
https://nifi.apache.org/security.html#CVE-2022-26850
https://twitter.com/JLLeitschuh/status/1511736635645435904?s=20&t=I3w3zF6Y2DUvWYsEFqERjg

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.15.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi-single-user-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-26850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-20T22:33:41Z",
    "nvd_published_at": "2022-04-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n`org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter` contains a local information disclosure vulnerability due to writing credentials (username and password) to a file that is readable by all other users on unix-like systems. On unix-like systems, the system\u0027s temporary directory is shared between all users on that system. As such, files written to that directory without setting the correct file permissions can allow other users on that system to view the contents of the files written to those temporary files.\n\n### Source\n\nAn insecure temporary file is created here:\n - https://github.com/apache/nifi/blob/6a1c7c72d5b91b9ce5d5cb5b86e3155d21e2c19b/nifi-commons/nifi-single-user-utils/src/main/java/org/apache/nifi/authentication/single/user/writer/StandardLoginCredentialsWriter.java#L75\n\nThe username and password credentials are written to this file here:\n - https://github.com/apache/nifi/blob/6a1c7c72d5b91b9ce5d5cb5b86e3155d21e2c19b/nifi-commons/nifi-single-user-utils/src/main/java/org/apache/nifi/authentication/single/user/writer/StandardLoginCredentialsWriter.java#L85-L95\n\n### Patches\n\nThe vulnerability has been patched in version `1.16`.\n\n### Prerequisites\n\nThis vulnerability impacts Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\n### Workarounds\n\nSetting the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability for all operating systems.\n\n### References\n\n - https://issues.apache.org/jira/browse/NIFI-9785\n - https://github.com/apache/nifi/commit/859d5fe\n - https://github.com/apache/nifi/pull/5856\n - https://nifi.apache.org/security.html#CVE-2022-26850\n - https://twitter.com/JLLeitschuh/status/1511736635645435904?s=20\u0026t=I3w3zF6Y2DUvWYsEFqERjg",
  "id": "GHSA-rvp4-r3g6-8hxq",
  "modified": "2023-08-08T20:30:32Z",
  "published": "2022-06-20T22:33:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26850"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/commit/859d5fe"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/commit/859d5fe8cfe05ad24600b021f0ebf15753a8105c"
    },
    {
      "type": "WEB",
      "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils"
}

FKIE_CVE-2022-26850

Vulnerability from fkie_nvd - Published: 2022-04-06 18:15 - Updated: 2024-11-21 06:54

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2022/04/06/2	Mailing List, Third Party Advisory
security@apache.org	https://nifi.apache.org/security.html#CVE-2022-26850	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/04/06/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nifi.apache.org/security.html#CVE-2022-26850	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	nifi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9463A679-D716-4CD8-8EFA-E4C8E76B3E91",
              "versionEndExcluding": "1.16.0",
              "versionStartIncluding": "1.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
    },
    {
      "lang": "es",
      "value": "Cuando son creadas o actualizadas las credenciales para el acceso de un solo usuario, Apache NiFi escribe una copia de la configuraci\u00f3n de los proveedores de identidad de inicio de sesi\u00f3n en el directorio temporal del sistema operativo. En la mayor\u00eda de las plataformas, el directorio temporal del sistema operativo presenta permisos de lectura globales. NiFi movi\u00f3 inmediatamente el archivo temporal al directorio de configuraci\u00f3n final, lo que limit\u00f3 significativamente la ventana de oportunidad de acceso. NiFi versi\u00f3n 1.16.0 incluye actualizaciones para sustituir la configuraci\u00f3n de los proveedores de identidad de inicio de sesi\u00f3n sin escribir un archivo en el directorio temporal del sistema operativo"
    }
  ],
  "id": "CVE-2022-26850",
  "lastModified": "2024-11-21T06:54:38.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-06T18:15:09.047",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nifi.apache.org/security.html#CVE-2022-26850"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-26850 (GCVE-0-2022-26850)

GSD-2022-26850

CNVD-2022-33109

GHSA-RVP4-R3G6-8HXQ

Impact

Source

Patches

Prerequisites

Workarounds

References

FKIE_CVE-2022-26850

Tags

Sightings

Nomenclature