漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Neutralization of Command Elements in Shell User Group Provider
Vulnerability Description
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Apache NiFi 操作系统命令注入漏洞
Vulnerability Description
Apache NiFi是美国阿帕奇(Apache)基金会的一套数据处理和分发系统。该系统主要用于数据路由、转换和系统中介逻辑。Apache NiFi Registry是其中的一个用于存储和管理版本化流程的注册表。 Apache NiFi 1.10.0版本至1.16.2版本、Apache NiFi Registry 0.6.0版本至1.16.2版本存在安全漏洞。攻击者利用该漏洞在Linux和macOS平台上注入操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A