Vulnerability-Lookup

WID-SEC-W-2023-1423

Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2026-05-10 22:00

Summary

Apache Nifi: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterstützt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuführen und weitere, nicht spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-34468

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apache Nifi <1.22.0 Apache / Nifi		<1.22.0

CVE-2023-34212

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apache Nifi <1.22.0 Apache / Nifi		<1.22.0

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://nifi.apache.org/security.html	external
https://github.com/Al3xx-sec/CVE-2023-34468-POC	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Nifi ist ein System zur Verarbeitung und Verteilung von Daten. Es unterst\u00fctzt skalierbare gerichtete Graphen der Datenweiterleitung, -transformation und Systemvermittlungslogik.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Nifi ausnutzen, um beliebigen Programmcode auszuf\u00fchren und weitere, nicht spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1423 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1423.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1423 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1423"
      },
      {
        "category": "external",
        "summary": "Apache nifi Security vom 2023-06-12",
        "url": "https://nifi.apache.org/security.html"
      },
      {
        "category": "external",
        "summary": "PoC auf GitHub vom 2026-05-10",
        "url": "https://github.com/Al3xx-sec/CVE-2023-34468-POC"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Nifi: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-10T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-11T08:00:55.836+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-1423",
      "initial_release_date": "2023-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.22.0",
                "product": {
                  "name": "Apache Nifi \u003c1.22.0",
                  "product_id": "T028055"
                }
              },
              {
                "category": "product_version",
                "name": "1.22.0",
                "product": {
                  "name": "Apache Nifi 1.22.0",
                  "product_id": "T028055-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:nifi:1.22.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nifi"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34468",
      "product_status": {
        "known_affected": [
          "T028055"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2023-34468"
    },
    {
      "cve": "CVE-2023-34212",
      "product_status": {
        "known_affected": [
          "T028055"
        ]
      },
      "release_date": "2023-06-12T22:00:00.000+00:00",
      "title": "CVE-2023-34212"
    }
  ]
}

CVE-2023-34212 (GCVE-0-2023-34212)

Vulnerability from cvelistv5 – Published: 2023-06-12 15:14 – Updated: 2025-02-13 16:55

Title

Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

Summary

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

apache

References

3 references

URL	Tags
https://nifi.apache.org/security.html#CVE-2023-34212	release-notes
https://lists.apache.org/thread/w5rm46fxmvxy216tg…	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/06/12/2

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache NiFi	Affected: 1.8.0 , ≤ 1.21.0 (semver)

Credits

Veraxy00 of Qianxin TI Center Matei "Mal" Badanoiu

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:01:54.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://nifi.apache.org/security.html#CVE-2023-34212"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/12/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T13:37:27.959635Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T13:39:18.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache NiFi",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.21.0",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Veraxy00 of Qianxin TI Center"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Matei \"Mal\" Badanoiu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\u003c/div\u003e\u003cdiv\u003eThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\u003c/div\u003e\u003cdiv\u003eYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\n\nThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T15:15:13.712Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://nifi.apache.org/security.html#CVE-2023-34212"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/06/12/2"
        }
      ],
      "source": {
        "defect": [
          "NIFI-11614"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-28T08:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2023-05-29T06:00:00.000Z",
          "value": "confirmed"
        },
        {
          "lang": "en",
          "time": "2023-06-01T00:00:00.000Z",
          "value": "resolved"
        }
      ],
      "title": "Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-34212",
    "datePublished": "2023-06-12T15:14:06.990Z",
    "dateReserved": "2023-05-30T16:13:48.779Z",
    "dateUpdated": "2025-02-13T16:55:23.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-34468 (GCVE-0-2023-34468)

Vulnerability from cvelistv5 – Published: 2023-06-12 15:09 – Updated: 2025-02-13 16:55

Title

Apache NiFi: Potential Code Injection with Database Services using H2

Summary

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

apache

References

5 references

URL	Tags
https://nifi.apache.org/security.html#CVE-2023-34468	release-notes
https://lists.apache.org/thread/7b82l4f5blmpkfcyn…	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/06/12/3
http://packetstormsecurity.com/files/174398/Apach…
https://www.cyfirma.com/outofband/apache-nifi-cve…

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache NiFi	Affected: 0.0.2 , ≤ 1.21.0 (semver)
apache	nifi	Affected: 0.0.2 , ≤ 1.21.0 (custom) cpe:2.3:a:apache:nifi::::::::

Credits

Matei "Mal" Badanoiu

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:07.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nifi",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "1.21.0",
                "status": "affected",
                "version": "0.0.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-34468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T20:21:50.926008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T20:27:24.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache NiFi",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.21.0",
              "status": "affected",
              "version": "0.0.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matei \"Mal\" Badanoiu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\u003c/div\u003e\u003cdiv\u003eThe resolution validates the Database URL and rejects H2 JDBC locations.\u003c/div\u003e\u003cdiv\u003eYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-28T21:01:53.253Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://nifi.apache.org/security.html#CVE-2023-34468"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html"
        },
        {
          "url": "https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/"
        }
      ],
      "source": {
        "defect": [
          "NIFI-11653"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-06T01:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2023-06-06T09:00:00.000Z",
          "value": "confirmed"
        },
        {
          "lang": "en",
          "time": "2023-06-06T09:00:00.000Z",
          "value": "resolved"
        }
      ],
      "title": "Apache NiFi: Potential Code Injection with Database Services using H2",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-34468",
    "datePublished": "2023-06-12T15:09:20.711Z",
    "dateReserved": "2023-06-06T17:30:23.654Z",
    "dateUpdated": "2025-02-13T16:55:36.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1423

CVE-2023-34212 (GCVE-0-2023-34212)

CVE-2023-34468 (GCVE-0-2023-34468)

Tags

Sightings

Nomenclature