ID:11053 - Exploit for Missing Authorization in Apache NiFi - CVE-2024-56512

 

Published: January 10, 2025


Vulnerability identifier: #VU101976
Vulnerability risk: Low
CVE-ID: CVE-2024-56512
CWE-ID: CWE-862
Exploitation vector: Remote access
Vulnerable software: Apache NiFi

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to bypass certain security restrictions.

The vulnerability exists due to missing authorization checks for parameter contexts when creating process groups. A remote authenticated user with privileges to create process groups can bypass authorization checks by not referencing parameter values and gain access to sensitive information.


Remediation

Install updates from the vendor's website.