#VU101976 Missing Authorization in Apache NiFi - CVE-2024-56512

 

Published: December 28, 2024 / Updated: January 10, 2025


Vulnerability identifier: #VU101976
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2024-56512
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
Apache NiFi
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to bypass certain security restrictions.

The vulnerability exists due to missing authorization checks for parameter contexts when creating process groups. A remote authenticated user with privileges to create process groups can bypass authorization checks by not referencing parameter values and gain access to sensitive information.
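The flaw class described above, as an added example that is not NiFi's own code: a simplified model in which the flawed authorizer checks the parameter context only when a property references a parameter, next to a corrected version that checks it unconditionally. The names `CreateGroupRequest`, `READ_POLICY`, `authorize_flawed` and `authorize_fixed`, the context id and the users are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# NiFi parameter reference syntax, e.g. #{db.password}
PARAM_REF = re.compile(r"#\{[^}]+\}")

# Constructed policy table: users allowed to read each parameter context.
READ_POLICY = {"ctx-prod-secrets": {"alice"}}


@dataclass
class CreateGroupRequest:
    """Hypothetical model of a 'create process group' request."""
    user: str
    parameter_context_id: Optional[str] = None  # context the new group uses
    property_values: List[str] = field(default_factory=list)


def can_read(user: str, context_id: str) -> bool:
    return user in READ_POLICY.get(context_id, set())


def authorize_flawed(req: CreateGroupRequest) -> bool:
    """CWE-862 pattern: the context check depends on request content."""
    references = any(PARAM_REF.search(v) for v in req.property_values)
    if req.parameter_context_id and references:
        return can_read(req.user, req.parameter_context_id)
    return True  # context attached but never authorized


def authorize_fixed(req: CreateGroupRequest) -> bool:
    """Authorize the context whenever one is attached to the request."""
    if req.parameter_context_id:
        return can_read(req.user, req.parameter_context_id)
    return True


def compare(req: CreateGroupRequest) -> dict:
    return {"flawed": authorize_flawed(req), "fixed": authorize_fixed(req)}


if __name__ == "__main__":
    # Constructed requests: bob has no read policy on the context.
    print(compare(CreateGroupRequest("bob", "ctx-prod-secrets", ["SELECT 1"])))
    print(compare(CreateGroupRequest("bob", "ctx-prod-secrets", ["#{db.password}"])))
    print(compare(CreateGroupRequest("alice", "ctx-prod-secrets", ["SELECT 1"])))
```

A regression test for the patched behaviour should include the first case, where the request carries a context but no parameter reference.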


Remediation

Install updates from the vendor's website.

External links