CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/08/18/2	Mailing List Third Party Advisory
https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q	Mailing List
https://nifi.apache.org/security.html#CVE-2023-40037	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-18 22:15

Updated : 2023-08-23 16:59

NVD link : CVE-2023-40037

Mitre link : CVE-2023-40037

CVE.ORG link : CVE-2023-40037

JSON object : View

Products Affected

apache

nifi

CWE

CWE-697

Incorrect Comparison

CWE-184

Incomplete List of Disallowed Inputs

{"id": "CVE-2023-40037", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-08-18T22:15:10.690", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/08/18/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/bqbjlrs2p5ghh8sbk5nsxb8xpf9l687q", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://nifi.apache.org/security.html#CVE-2023-40037", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.\n"}, {"lang": "es", "value": "Apache NiFi 1.21.0 hasta 1.23.0 soportan accesos JDBC y JNDI JMS en varios procesadores y servicios de controlador con validaci\u00f3n de URL de conexi\u00f3n que no proporciona suficiente protecci\u00f3n contra entradas manipuladas. Un usuario autenticado y autorizado puede eludir la validaci\u00f3n de URL de conexi\u00f3n utilizando un formato de entrada personalizado. La resoluci\u00f3n mejora la validaci\u00f3n de la URL de conexi\u00f3n e introduce la validaci\u00f3n de propiedades relacionadas adicionales. Se recomienda actualizar a Apache NiFi 1.23.1. "}], "lastModified": "2023-08-23T16:59:00.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9812B522-56BA-4506-BFBA-D2108DCAC64E", "versionEndExcluding": "1.23.1", "versionStartIncluding": "1.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}