CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.002 Low
Percentile: 52.9%

nifi-jms-processors is vulnerable to Deserialization of Untrusted Data. The vulnerability exists due to improper URL validation in JndiJmsConnectionFactoryProvider of JndiJmsConnectionFactoryProperties.java; if an attacker has access to the provider URL and library property configuration, they can deserialize untrusted data from a remote location using LDAP JNDI.

CPE

Name | Operator | Version |
---|---|---|
nifi-jms-processors | le | 1.21.0.2.4.4.0-13 |

www.openwall.com/lists/oss-security/2023/06/12/2
github.com/advisories/GHSA-65wh-g8x8-gm2h
github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
github.com/apache/nifi/pull/7313
issues.apache.org/jira/browse/NIFI-11614
lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
nifi.apache.org/security.html#CVE-2023-34212