Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/mbadanoiu/cve-2023-34468

CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi
https://github.com/mbadanoiu/cve-2023-34468

0-day authenticated cve cve-2023-34468 cves remote-code-execution

Last synced: about 2 months ago
JSON representation

CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi

Awesome Lists containing this project

README 

        
# CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi



The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.



### Vendor Disclosure:



The vendor's disclosure and fix for this vulnerability can be found [here](https://nifi.apache.org/security.html#CVE-2023-34468).



### Requirements:



This vulnerability requires:




- Valid user credentials



### Proof Of Concept:



More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2023-34468/blob/main/Apache%20NiFi%20-%20CVE-2023-34468.pdf).



### Additional Resources:



Thanks [h00die](https://github.com/h00die) for writing the [Metasploit module](https://www.rapid7.com/db/modules/exploit/linux/http/apache_nifi_h2_rce/) and including me as the discoverer.



Awesome [blogpost](https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468/) from David "ExceptionFactory" Handermann offering a developer's perspective on CVE-2023-34468 and CVE-2023-40037.



[CVE-2023-40037: Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi](https://github.com/mbadanoiu/CVE-2023-40037) can be used to bypass security measures implemented for CVE-2023-34468 resulting in RCE for versions of Apache NiFi <= 1.23.0.