7 matches found
CVE-2023-40037
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...
CVE-2023-40037
creationtimestamp| type| source ---|---|--- 2023-08-19 02:38:35+00:00| seen| https://t.me/cibsecurity/68850 2023-11-23 22:57:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5931 2024-08-16 08:52:58+00:00| published-proof-of-concept| https://t.me/Rootsec2/2107 2024-10-28...
org.apache.nifi:nifi-jms-processors-nar (>=1.21.0 <=1.23.0) potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-jms-processors (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-jms-processors MAVEN version =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
com.hcl.commerce:commerce-search-processors (>=9.1.14.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0) +153 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-service-api (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-service-api MAVEN version =1.21.0, =9.1.14.0, =1.22.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 and more Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...
CVE-2023-40037
CVE-2023-40037 affects Apache NiFi versions 1.21.0 through 1.23.0, where JDBC/JNDI JMS access in several Processors and Controller Services uses connection URL validation that is insufficient against crafted inputs. An authenticated, authorized user can bypass validation by formatting inputs clev...