Unauthorized Access

🗓️ 09 Jan 2025 04:32:47Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 6 Views

Apache NiFi has a vulnerability allowing unauthorized access during Process Group creation due to missing checks.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-56512	28 Dec 202406:51	–	circl
CNNVD	Apache NiFi 安全漏洞	28 Dec 202400:00	–	cnnvd
CVE	CVE-2024-56512	28 Dec 202416:18	–	cve
Cvelist	CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References	28 Dec 202416:18	–	cvelist
Github Security Blog	Apache NiFi: Missing Complete Authorization for Parameter and Service References	28 Dec 202418:30	–	github
Nuclei	Apache NiFi - Information Disclosure	3 Jun 202606:04	–	nuclei
NVD	CVE-2024-56512	28 Dec 202417:15	–	nvd
OSV	BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References	12 Sep 202511:47	–	osv
OSV	GHSA-MPJ7-7MG7-X95J Apache NiFi: Missing Complete Authorization for Parameter and Service References	28 Dec 202418:30	–	osv
Positive Technologies	PT-2024-10215 · Apache · Apache Nifi	26 Dec 202400:00	–	ptsecurity

Vulners

Node

apache nifi-web-apiRange1.10.0–2.0.0java

apache nifi-web-apiMatch1.10.0java

apache nifi-web-apiMatch1.11.0java

apache nifi-web-apiMatch1.11.1java

apache nifi-web-apiMatch1.11.2java

apache nifi-web-apiMatch1.11.3java

apache nifi-web-apiMatch1.11.4java

apache nifi-web-apiMatch1.12.0java

apache nifi-web-apiMatch1.12.1java

apache nifi-web-apiMatch1.13.0java

apache nifi-web-apiMatch1.13.1java

apache nifi-web-apiMatch1.13.2java

apache nifi-web-apiMatch1.14.0java

apache nifi-web-apiMatch1.15.0java

apache nifi-web-apiMatch1.15.1java

apache nifi-web-apiMatch1.15.2java

apache nifi-web-apiMatch1.15.3java

apache nifi-web-apiMatch1.16.0java

apache nifi-web-apiMatch1.16.1java

apache nifi-web-apiMatch1.16.2java

apache nifi-web-apiMatch1.16.3java

apache nifi-web-apiMatch1.17.0java

apache nifi-web-apiMatch1.18.0java

apache nifi-web-apiMatch1.19.0java

apache nifi-web-apiMatch1.19.1java

apache nifi-web-apiMatch1.20.0java

apache nifi-web-apiMatch1.21.0java

apache nifi-web-apiMatch1.22.0java

apache nifi-web-apiMatch1.23.0java

apache nifi-web-apiMatch1.23.1java

apache nifi-web-apiMatch1.23.2java

apache nifi-web-apiMatch1.24.0java

apache nifi-web-apiMatch1.25.0java

apache nifi-web-apiMatch1.26.0java

apache nifi-web-apiMatch1.27.0java

apache nifi-web-apiMatch1.28.0java

apache nifi-web-apiMatch1.28.1java

apache nifi-web-apiMatch2.0.0-m1java

apache nifi-web-apiMatch2.0.0-m2java

apache nifi-web-apiMatch2.0.0-m3java

apache nifi-web-apiMatch2.0.0-m4java

apache nifi-framework-clusterRange1.10.0–2.0.0java

apache nifi-framework-componentsRange1.10.0–2.0.0java

apache nifi-framework-coreRange1.10.0–2.0.0java

apache nifi-client-dtoRange1.10.0–2.0.0java

apache nifi-framework-core-apiRange1.10.0–2.0.0java

apache nifi-framework-apiRange1.10.0–2.0.0java

Source	Link
openwall	www.openwall.com/lists/oss-security/2024/12/28/1
github	www.github.com/apache/nifi/commit/f744deebf9a9effdbbff79ce6073ec329b5f45da
lists	www.lists.apache.org/thread/cjc8fns5kjsho0s7vonlnojokyfx47wn
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-56512
github	www.github.com/apache/nifi

13 Dec 2025 05:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.4

CVSS 42.1

EPSS0.37606

SSVC

apache nifi vulnerability unauthorized access fine-grained authorization parameter contexts controller services parameter providers