CVE-2023-36542

HIGH EXPLOITED IN THE WILD

Apache NiFi <1.22.0 - Authenticated RCE

Title source: llm

Description

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/asf__nifi_CVE-2023-36542_1-22-0

View Code ZIP pw:eip

References (4)

[Not Applicable] http://seclists.org/fulldisclosure/2023/Jul/43

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2023/07/29/1

[Issue Tracking, Mailing List, Vendor Advisory] https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof

[Vendor Advisory] https://nifi.apache.org/security.html#CVE-2023-36542

Scores

CVSS v3 8.8

EPSS 0.0117

EPSS Percentile 78.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-18

InTheWild.io 2024-09-18

CWE

CWE-94

Status published

Products (9)

apache/nifi 0.0.2 - 1.22.0

org.apache.nifi/nifi-cdc-mysql-bundle 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-dbcp-service 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-hadoop-dbcp-service 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-hbase_2-client-service 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-hikari-dbcp-service 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-jms-processors 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-record-serialization-services 0.0.2 - 1.23.0Maven

org.apache.nifi/nifi-standard-processors 0.0.2 - 1.23.0Maven

Published Jul 29, 2023

Tracked Since Feb 18, 2026