关联漏洞
标题:
Apache NiFi 代码注入漏洞
(CVE-2023-34468)
描述:Apache NiFi是美国阿帕奇(Apache)基金会的一套数据处理和分发系统。该系统主要用于数据路由、转换和系统中介逻辑。 Apache NiFi 0.0.2版本至1.21.0版本存在代码注入漏洞,该漏洞源于允许经过身份验证和授权的用户使用支持自定义代码执行的H2驱动程序配置数据库URL。
描述
CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi
介绍
# CVE-2023-34468: Remote Code Execution via DB Components in Apache NiFi
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://nifi.apache.org/security.html#CVE-2023-34468).
### Requirements:
This vulnerability requires:
<br/>
- Valid user credentials
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2023-34468/blob/main/Apache%20NiFi%20-%20CVE-2023-34468.pdf).
### Additional Resources:
Thanks [h00die](https://github.com/h00die) for writing the [Metasploit module](https://www.rapid7.com/db/modules/exploit/linux/http/apache_nifi_h2_rce/) and including me as the discoverer.
Awesome [blogpost](https://exceptionfactory.com/posts/2023/10/07/firsthand-analysis-of-apache-nifi-vulnerability-cve-2023-34468/) from David "ExceptionFactory" Handermann offering a developer's perspective on CVE-2023-34468 and CVE-2023-40037.
[CVE-2023-40037: Incomplete Validation of JDBC and JNDI Connection URLs in Apache NiFi](https://github.com/mbadanoiu/CVE-2023-40037) can be used to bypass security measures implemented for CVE-2023-34468 resulting in RCE for versions of Apache NiFi <= 1.23.0.
文件快照
[4.0K] /data/pocs/4cfcbae71817ec092128efa873a1b8cd4f8faafc
├── [1.7M] Apache NiFi - CVE-2023-34468.pdf
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。