CVE-2023-34468

HIGH LAB

Apache NiFi 0.0.2-1.21.0 - Authenticated Remote Code Execution via H2 JDBC Database URL

Exploitation Summary

EIP tracks 7 public exploits for CVE-2023-34468. PoCs were published by mbadanoiu, arif-s3d0, sbouabid-sec and others; the set includes the Metasploit module exploits/linux/http/apache_nifi_h2_rce.

AI-analyzed exploit summary: This repository provides a writeup and references for CVE-2023-34468, an RCE vulnerability in Apache NiFi's DBCPConnectionPool and HikariCPConnectionPool due to improper validation of H2 database URLs. It includes links to a detailed PDF, Metasploit module, and related resources.

Description

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Exploits (7)

nomisec WRITEUP 5 stars
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2023-34468

This repository provides a writeup and references for CVE-2023-34468, an RCE vulnerability in Apache NiFi's DBCPConnectionPool and HikariCPConnectionPool due to improper validation of H2 database URLs. It includes links to a detailed PDF, Metasploit module, and related resources.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 0.0.2 through 1.21.0
Auth required
Prerequisites: Valid user credentials · Access to configure Database URL in NiFi
devstral-2 · analyzed Feb 16, 2026

github WORKING POC 1 stars
by arif-s3d0 · python · poc
https://github.com/arif-s3d0/cve/tree/master/CVE-2023-34468

This repository contains a functional exploit for CVE-2023-34468, targeting Apache NiFi versions 0.0.2 through 1.21.0. The exploit leverages the H2 database driver's JavaScript execution capability within JDBC connection strings to achieve remote code execution via a series of NiFi REST API calls.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 0.0.2 - 1.21.0
No auth needed
Prerequisites: Network access to NiFi REST API · NiFi instance running a vulnerable version
devstral-2 · analyzed May 17, 2026

nomisec WORKING POC 1 stars
by sbouabid-sec · poc
https://github.com/sbouabid-sec/CVE-2023-34468-POC

This repository contains a functional exploit for CVE-2023-34468, targeting Apache NiFi 1.21.0. The exploit leverages a DBCPConnectionPool controller service and an ExecuteSQL processor to achieve remote code execution via a crafted SQL payload delivered over HTTP.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 1.21.0
Auth required
Prerequisites: Network access to the target NiFi instance · Valid credentials with write permissions
devstral-2 · analyzed May 18, 2026

nomisec WORKING POC
by Jeanpt · poc
https://github.com/Jeanpt/CVE-2023-34468

This repository contains a functional Python exploit for CVE-2023-34468, targeting Apache NiFi versions 0.0.2 through 1.21.0. The exploit leverages H2 database connection string manipulation to achieve remote code execution via embedded JavaScript triggers.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 0.0.2–1.21.0
No auth needed
Prerequisites: Python 3.7+ · requests library · network access to NiFi API · listener setup for reverse shell
devstral-2 · analyzed May 17, 2026

nomisec WORKING POC
by Al3xx-sec · poc
https://github.com/Al3xx-sec/CVE-2023-34468-POC

This repository contains a functional exploit for CVE-2023-34468, targeting Apache NiFi 1.21.0. The exploit leverages a DBCPConnectionPool controller service and an ExecuteSQL processor to achieve remote code execution via a crafted SQL payload delivered over HTTP.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 1.21.0
Auth required
Prerequisites: write access to the NiFi instance · network connectivity to the target
devstral-2 · analyzed May 17, 2026

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/asf__nifi_CVE-2023-34468_1-21-00

This repository appears to be a legitimate Apache NiFi project README with no exploit code. It contains documentation and setup instructions for Apache NiFi, not a PoC for CVE-2023-34468.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Apache NiFi
No auth needed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by h00die, Matei, Badanoiu · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_nifi_h2_rce.rb

This Metasploit module exploits CVE-2023-34468 in Apache NiFi by leveraging the H2 database driver's JavaScript trigger functionality to execute arbitrary commands via a crafted JDBC connection string. It requires authentication and targets versions 0.0.2 through 1.21.0.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache NiFi 0.0.2 through 1.21.0
Auth required
Prerequisites: Authenticated access to Apache NiFi · Ability to configure Controller Services
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.7765
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (4)
apache/nifi 0.0.2 - 1.22.0
org.apache.nifi/nifi-dbcp-base 0.0.2 - 1.22.0 (Maven)
org.apache.nifi/nifi-dbcp-service-nar 0.0.2 - 1.22.0 (Maven)
org.apache.nifi/nifi-hikari-dbcp-service 0.0.2 - 1.22.0 (Maven)
Published Jun 12, 2023
Tracked Since Feb 18, 2026