gsd-2022-26850
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-26850",
"description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
"id": "GSD-2022-26850"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-26850"
],
"details": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
"id": "GSD-2022-26850",
"modified": "2023-12-13T01:19:39.009427Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-26850",
"STATE": "PUBLIC",
"TITLE": "Insufficiently protected credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NiFi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "NiFi",
"version_value": "1.14.0 to 1.15.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently protected credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nifi.apache.org/security.html#CVE-2022-26850",
"refsource": "MISC",
"url": "https://nifi.apache.org/security.html#CVE-2022-26850"
},
{
"name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
}
]
},
"source": {
"defect": [
"NIFI-9785"
],
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.15.3]",
"affected_versions": "All versions up to 1.15.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-522",
"CWE-937"
],
"date": "2022-06-20",
"description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
"fixed_versions": [
"1.16"
],
"identifier": "CVE-2022-26850",
"identifiers": [
"GHSA-rvp4-r3g6-8hxq",
"CVE-2022-26850"
],
"not_impacted": "All versions after 1.15.3",
"package_slug": "maven/org.apache.nifi/nifi-single-user-utils",
"pubdate": "2022-06-20",
"solution": "Upgrade to version 1.16 or above.",
"title": "Insufficiently Protected Credentials",
"urls": [
"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq",
"https://nvd.nist.gov/vuln/detail/CVE-2022-26850",
"https://nifi.apache.org/security.html#CVE-2022-26850",
"http://www.openwall.com/lists/oss-security/2022/04/06/2",
"https://github.com/advisories/GHSA-rvp4-r3g6-8hxq"
],
"uuid": "aba42f11-096c-4bc5-a4b5-9461da2e5102"
},
{
"affected_range": "[1.14.0,1.16.0)",
"affected_versions": "All versions starting from 1.14.0 before 1.16.0",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2023-08-08",
"description": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.",
"fixed_versions": [
"1.16.0"
],
"identifier": "CVE-2022-26850",
"identifiers": [
"CVE-2022-26850"
],
"not_impacted": "All versions before 1.14.0, all versions starting from 1.16.0",
"package_slug": "maven/org.apache.nifi/nifi",
"pubdate": "2022-04-06",
"solution": "Upgrade to version 1.16.0 or above.",
"title": "Insufficiently Protected Credentials",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-26850",
"https://nifi.apache.org/security.html#CVE-2022-26850",
"http://www.openwall.com/lists/oss-security/2022/04/06/2"
],
"uuid": "d5b6df3f-f556-469e-98f1-72621c9d65bc"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.0",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-26850"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nifi.apache.org/security.html#CVE-2022-26850",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://nifi.apache.org/security.html#CVE-2022-26850"
},
{
"name": "[oss-security] 20220406 CVE-2022-26850: Apache NiFi: Insufficiently protected credentials",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/06/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-04-14T15:57Z",
"publishedDate": "2022-04-06T18:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.