CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2
First published: Mon Jun 12 2023(Updated: )
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache NiFi | >=0.0.2<1.22.0 | |
| maven/org.apache.nifi:nifi-hikari-dbcp-service | >=0.0.2<1.22.0 | 1.22.0 |
| maven/org.apache.nifi:nifi-dbcp-base | >=0.0.2<1.22.0 | 1.22.0 |
| maven/org.apache.nifi:nifi-dbcp-service-nar | >=0.0.2<1.22.0 | 1.22.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2023/06/12/3
- https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8
- https://nifi.apache.org/security.html#CVE-2023-34468
- https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation/
- https://nvd.nist.gov/vuln/detail/CVE-2023-34468
- https://github.com/apache/nifi/pull/7349
- https://github.com/apache/nifi/commit/4faf3ea59895e7e153db3f8f61147ff70a254361
- https://issues.apache.org/jira/browse/NIFI-11653
- https://github.com/advisories/GHSA-xm2m-2q6h-22jw (Advisory)
- https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468
- https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation
Frequently Asked Questions
What is the severity of CVE-2023-34468?
The severity of CVE-2023-34468 is high.
What is the vulnerability in Apache NiFi 0.0.2 through 1.21.0?
The vulnerability in Apache NiFi 0.0.2 through 1.21.0 is the ability for an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.
How can an attacker exploit CVE-2023-34468?
An attacker can exploit CVE-2023-34468 by configuring a malicious Database URL with the H2 driver and executing custom code.
How can I fix CVE-2023-34468?
To fix CVE-2023-34468, update Apache NiFi to version 1.22.0 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-34468?
The Common Weakness Enumeration (CWE) ID for CVE-2023-34468 is CWE-94.
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-xm2m-2q6h-22jw
- alias/CVE-2023-34468
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/author
- agent/description
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/first-publish-date
- agent/event
- collector/nvd-api
- agent/last-modified-date
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache nifi
- version/apache nifi/0.0.2
- package-manager/maven