Apache NiFi - Information Disclosure
ID: CVE-2024-56512
Severity: medium
Author: DhiyaneshDK
Tags: cve,cve2024,nifi,exposure
Description
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group.
YAML Source
id: CVE-2024-56512

info:
  name: Apache NiFi - Information Disclosure
  author: DhiyaneshDK
  severity: medium
  description: |
    Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group.
  reference:
    - https://lists.apache.org/thread/cjc8fns5kjsho0s7vonlnojokyfx47wn
    - http://www.openwall.com/lists/oss-security/2024/12/28/1
    - https://github.com/absholi7ly/CVE-2024-56512-Apache-NiFi-Exploit/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-56512
  classification:
    cve-id: CVE-2024-56512
    epss-score: 0.00043
    epss-percentile: 0.11049
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Nifi"
  tags: cve,cve2024,nifi,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}{{path}}"

    payloads:
      path:
        - /nifi-api/flow/process-groups/root
        - /nifi-api/controller/config

    matchers-condition: or
    matchers:
      - type: dsl
        name: process-group-information
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "processGroupFlow", "breadcrumb")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        name: config-information
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "maxTimerDrivenThreadCount", "maxEventDrivenThreadCount")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502207c9234543a69bc947cfc9548b35f573c32be7edac9bdd6ff5db61a26d00082f9022100fd4311618fbb18d9a619f2cb0a83f97afde2225dbb0f499b75380235a2225264:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-56512.yaml"
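
The template's two DSL matchers, re-implemented in Python so that a saved response can be triaged offline. This is an added example, not part of the original template or of the Nuclei project; the function names and all sample responses are constructed for illustration.

```python
# Added example: offline evaluation of the template's two DSL matchers.
# All sample responses are constructed for illustration.

# matcher name -> strings that contains_all(body, ...) requires
MATCHERS = {
    "process-group-information": ("processGroupFlow", "breadcrumb"),
    "config-information": ("maxTimerDrivenThreadCount",
                           "maxEventDrivenThreadCount"),
}


def evaluate(status_code, content_type, body):
    """Return the names of matchers that fire for one HTTP response.

    Each matcher ANDs its three DSL lines; matchers-condition: or means
    any one firing matcher is enough for the template to report a hit.
    """
    hits = []
    for name, needles in MATCHERS.items():
        if (status_code == 200
                and "application/json" in content_type
                and all(n in body for n in needles)):
            hits.append(name)
    return hits


# (path, status, Content-Type, body) -- constructed samples
SAMPLES = [
    ("/nifi-api/flow/process-groups/root", 200, "application/json",
     '{"processGroupFlow": {"id": "root", "breadcrumb": {}}}'),
    ("/nifi-api/controller/config", 200, "application/json",
     '{"component": {"maxTimerDrivenThreadCount": 10, '
     '"maxEventDrivenThreadCount": 1}}'),
    # The API rejects the request, so neither matcher fires.
    ("/nifi-api/flow/process-groups/root", 401, "text/plain",
     "Unauthorized"),
    # Right status and type, but only one of the two required keys.
    ("/nifi-api/controller/config", 200, "application/json",
     '{"component": {"maxTimerDrivenThreadCount": 10}}'),
]


def triage(samples=SAMPLES):
    """Return, per sample, the list of matcher names it triggers."""
    return [evaluate(s, ct, body) for _, s, ct, body in samples]


if __name__ == "__main__":
    for (path, status, _, _), hits in zip(SAMPLES, triage()):
        print(f"{status} {path}: {hits or 'no match'}")
```

A match only shows that the request, as sent, received the NiFi JSON for that path; check the installed version against the 1.10.0 through 2.0.0 range in the description before treating a hit as CVE-2024-56512.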