CVE-2023-49145 - OpenCVE

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Nifi

Configuration 1 [-]

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/11/27/5
https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o
https://nifi.apache.org/security.html#CVE-2023-49145

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-27T22:14:02.850Z

Updated: 2024-08-02T21:46:29.303Z

Reserved: 2023-11-22T19:51:06.932Z

Link: CVE-2023-49145

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-27T23:15:07.780

Modified: 2023-12-01T21:01:41.407

Link: CVE-2023-49145

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49145", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-22T19:51:06.932Z", "datePublished": "2023-11-27T22:14:02.850Z", "dateUpdated": "2024-08-02T21:46:29.303Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "org.apache.nifi:nifi-jolt-transform-json-ui", "product": "Apache NiFi", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.23.2", "status": "affected", "version": "0.7.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dr. Oliver Matula, DB Systel GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary\nJavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation."}], "value": "Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary\nJavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-27T22:14:02.850Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://nifi.apache.org/security.html#CVE-2023-49145"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/27/5"}], "source": {"defect": ["NIFI-12403"], "discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2023-11-22T17:00:00.000Z", "value": "reported"}, {"lang": "en", "time": "2023-11-22T18:00:00.000Z", "value": "confirmed"}, {"lang": "en", "time": "2023-11-22T20:00:00.000Z", "value": "resolved"}], "title": "Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.303Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://nifi.apache.org/security.html#CVE-2023-49145"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/27/5", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "5833EB7C-1FFC-458E-90C0-59FD98000131", "versionEndExcluding": "1.24.0", "versionStartIncluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary\nJavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation."}, {"lang": "es", "value": "Apache NiFi 0.7.0 a 1.23.2 incluye el procesador JoltTransformJSON, que proporciona una interfaz de usuario de configuraci\u00f3n avanzada que es vulnerable a Cross Site Scripting basado en DOM. Si un usuario autenticado, que est\u00e1 autorizado a configurar un procesador JoltTransformJSON, visita una URL manipulada, entonces se puede ejecutar c\u00f3digo JavaScript arbitrario dentro del contexto de sesi\u00f3n del usuario autenticado. La mitigaci\u00f3n recomendada es actualizar a Apache NiFi 1.24.0 o 2.0.0-M1."}], "id": "CVE-2023-49145", "lastModified": "2023-12-01T21:01:41.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-11-27T23:15:07.780", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/11/27/5"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/j8rd0qsvgoj0khqck5f49jfbp0fm8r1o"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://nifi.apache.org/security.html#CVE-2023-49145"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@apache.org", "type": "Primary"}]}