PT-2017-16636 · Apache · Apache Nifi

Andy Lopresto

Publicado

2017-10-19

Atualizado

2022-05-17

CVE-2017-5636

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache NiFi versions prior to 0.7.2 Apache NiFi versions 1.x prior to 1.1.2

Description The issue allows a carefully crafted username to impersonate another user and gain their permissions on a replicated request to another node in a cluster environment. This is due to a vulnerability in the proxy chain serialization/deserialization.

Recommendations For Apache NiFi versions prior to 0.7.2, update to version 0.7.2 or later. For Apache NiFi versions 1.x prior to 1.1.2, update to version 1.1.2 or later.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2017-5636

GHSA-JRCC-7JF5-3PXG

Produtos afetados

Apache Nifi

PT-2017-16636 · Apache · Apache Nifi

CVE-2017-5636

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5