CVE-2023-34468

HIGH LAB

Apache Nifi < 1.22.0 - Code Injection

Title source: rule

Description

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
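The resolution above is a reject-list on the configured Database URL. The block below is an added example, not NiFi's own code: it reproduces that check in Python and runs it over the controller-service listing the NiFi REST API returns, so an operator on a pre-1.22.0 build can find DBCP/HikariCP services already pointed at H2. The fully qualified service type names, the "Database Connection URL" property key and the JSON shape are assumptions to verify against your NiFi version; the sample response is constructed.

```python
"""Audit NiFi DBCP/HikariCP controller services for H2 JDBC URLs (CVE-2023-34468).

Added example; not part of Apache NiFi. Type names, property key and JSON
layout are assumptions about the NiFi REST API and should be verified.
"""
import json
import re

# Controller services named in the advisory. Fully qualified names assumed.
AFFECTED_SERVICE_TYPES = {
    "org.apache.nifi.dbcp.DBCPConnectionPool",
    "org.apache.nifi.dbcp.HikariCPConnectionPool",
}
# Key of the URL property in the REST API's component.properties map (assumed).
DB_URL_PROPERTY = "Database Connection URL"

# H2 URLs begin with the "jdbc:h2:" scheme prefix. The match is looser than the
# driver's own acceptsURL (case-insensitive, leading whitespace tolerated): for
# a reject-list the safe error is to refuse a URL the driver would not accept.
_H2_PREFIX = re.compile(r"^\s*jdbc:h2:", re.IGNORECASE)


def is_h2_jdbc_url(url):
    """Return True when a JDBC URL targets the H2 driver."""
    return url is not None and _H2_PREFIX.match(url) is not None


def validate_database_url(url):
    """Validation in the spirit of the 1.22.0 fix: accept JDBC URLs, reject H2.

    Returns (ok, reason) so callers can surface the reason in a UI or log.
    """
    if url is None or not url.strip():
        return False, "Database URL is empty"
    if not url.strip().lower().startswith("jdbc:"):
        return False, "Database URL must be a JDBC URL"
    if is_h2_jdbc_url(url):
        return False, "H2 JDBC URLs are not supported"
    return True, "ok"


def find_h2_services(controller_services_json):
    """Scan a GET /nifi-api/flow/process-groups/{id}/controller-services body.

    Returns [(service id, service name, url)] for affected service types whose
    Database Connection URL is an H2 location. Other service types are ignored
    even if they carry an H2 URL, since the advisory scopes the issue to the
    DBCP and HikariCP pools.
    """
    doc = json.loads(controller_services_json)
    hits = []
    for svc in doc.get("controllerServices", []):
        comp = svc.get("component", {})
        if comp.get("type") not in AFFECTED_SERVICE_TYPES:
            continue
        url = (comp.get("properties") or {}).get(DB_URL_PROPERTY)
        if is_h2_jdbc_url(url):
            hits.append((comp.get("id"), comp.get("name"), url))
    return hits


# Constructed sample response: one benign pool, two H2-backed pools (one using
# an upper-case scheme), and an unrelated service that must be ignored.
SAMPLE_RESPONSE = json.dumps({
    "controllerServices": [
        {"component": {"id": "svc-1", "name": "postgres-pool",
                       "type": "org.apache.nifi.dbcp.DBCPConnectionPool",
                       "properties": {DB_URL_PROPERTY: "jdbc:postgresql://db:5432/app"}}},
        {"component": {"id": "svc-2", "name": "scratch-pool",
                       "type": "org.apache.nifi.dbcp.DBCPConnectionPool",
                       "properties": {DB_URL_PROPERTY: "jdbc:h2:/tmp/scratch"}}},
        {"component": {"id": "svc-3", "name": "hikari-pool",
                       "type": "org.apache.nifi.dbcp.HikariCPConnectionPool",
                       "properties": {DB_URL_PROPERTY: " JDBC:H2:mem:test"}}},
        {"component": {"id": "svc-4", "name": "lookup",
                       "type": "org.apache.nifi.lookup.SimpleKeyValueLookupService",
                       "properties": {DB_URL_PROPERTY: "jdbc:h2:mem:ignored"}}},
    ]
})

if __name__ == "__main__":
    for service_id, name, url in find_h2_services(SAMPLE_RESPONSE):
        ok, reason = validate_database_url(url)
        print(f"{service_id} {name!r}: {url!r} -> {reason}")
```

Running it against a live instance means fetching the controller-services listing for the root process group (and any child groups) with a credential that can read the flow, then passing the body to find_h2_services; anything it returns should be reconfigured or removed before, not instead of, upgrading to 1.22.0.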

Exploits (3)

nomisec WRITEUP 5 stars
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2023-34468
nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/asf__nifi_CVE-2023-34468_1-21-00
metasploit WORKING POC EXCELLENT
by h00die, Matei Badanoiu · ruby poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_nifi_h2_rce.rb

Scores

CVSS v3 8.8
EPSS 0.7781
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (4)
apache/nifi 0.0.2 to < 1.22.0 (fixed in 1.22.0)
org.apache.nifi/nifi-dbcp-base 0.0.2 to < 1.22.0 (Maven)
org.apache.nifi/nifi-dbcp-service-nar 0.0.2 to < 1.22.0 (Maven)
org.apache.nifi/nifi-hikari-dbcp-service 0.0.2 to < 1.22.0 (Maven)
Published Jun 12, 2023
Tracked Since Feb 18, 2026