BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

Unauthorized Access

Apache NiFi is vulnerable to Unauthorized Access. The vulnerability is due to missing fine-grained authorization checks during Process Group creation, allowing attackers to access Parameter Contexts, Controller Services, and Parameter Providers without proper permissions...

CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2024-56512

CVE-2024-56512 (Apache NiFi) affects NiFi 1.10.0–2.0.0, where creating a new Process Group omits fine‑grained authorization checks for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers. As a result, authenticated users with permission to create Process Groups ...

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.10.0 to 2.0.0, which stems from a lack of fine-grained...

com.hcl.commerce:commerce-search-processors (>=9.1.12.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1) +8 more potentially affected by CVE-2018-1309 via org.apache.nifi:nifi-standard-processors (>=0.2.0-incubating <=1.28.1)

org.apache.nifi:nifi-standard-processors MAVEN version =0.2.0-incubating, =9.1.12.0, =1.14.0, =1.14.0, =1.14.0, =0.2.0-incubating, =1.24.0, =1.15.0, =1.14.0, =0.10.0, =0.10.0, =0.12.0 Source cves: CVE-2018-1309 Source advisory: OSV:GHSA-42WX-65G4-5CXV...