Skip to content

CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi

Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2023-34468

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Resources:

Thanks h00die for writing the Metasploit module and including me as the discoverer.

Awesome blogpost from David "ExceptionFactory" Handermann offering a developer's perspective on CVE-2023-34468 and CVE-2023-40037.

CVE-2023-40037: Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi can be used to bypass security measures implemented for CVE-2023-34468 resulting in RCE for versions of Apache NiFi <= 1.23.0.

About

CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi

Topics

Resources

Stars

Watchers

Forks