9 matches found
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
EUVD-2021-19906
Malware in sbrugna...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.28.0), org.apache.nifi.minifi:minifi-c2-assembly (>=1.22.0 <=1.28.0) +22 more potentially affected by CVE-2024-52067 via org.apache.nifi:nifi-framework-core (>=1.16.0 <=1.28.0)
org.apache.nifi:nifi-framework-core MAVEN version =1.16.0, =1.22.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.22.0, =1.22.0, =0.1.0, =0.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2024-52067 Source advisory: OSV:GHSA-V3VC-6QCV-4VRX...
The vulnerability of the InvokeHTTP component in the Apache NiFi MiNiFi data processing platform, which exists due to insufficient verification of certificate authenticity, allows attackers to compromise data integrity.
The vulnerability of the InvokeHTTP component in the Apache NiFi MiNiFi data processing platform exists due to insufficient verification of certificate authenticity. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...
CVE-2023-41180
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
CVE-2023-41180 Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...
PT-2023-6523 · Apache · Apache Nifi Minifi C++
Name of the Vulnerable Software and Affected Versions: Apache NiFi MiNiFi C++ versions 0.13 through 0.14 Description: The issue is related to incorrect certificate validation in the InvokeHTTP component, allowing an intermediary to present a forged certificate during TLS handshake negotiation. Th...
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
org.apache.nifi.minifi:minifi-assembly (>=1.14.0 <=1.28.1), org.apache.nifi.minifi:minifi-c2-assembly (>=0.2.0 <=1.28.1) +27 more potentially affected by CVE-2017-15703 via org.apache.nifi:nifi-framework-cluster-protocol (>=0.0.1-incubating <=1.4.0)
org.apache.nifi:nifi-framework-cluster-protocol MAVEN version =0.0.1-incubating, =1.14.0, =0.2.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =1.14.0, =1.14.0, =0.0.1, =0.0.1, =1.0.0, =0.0.1-incubating, =1.0.0, =0.0.1-incubating, =0.0.1-incubating, =1.15.3 and more Source cves: CVE-2017-15703 Source advisory...