Security researcher Matei “Mal” Badanoiu recently disclosed a proof-of-concept (PoC) of a patched code execution vulnerability (CVE-2023-34212) that affects Apache NiFi. This flaw, assigned a CVSS score of 6.5, enables remote code execution (RCE) by exploiting a Java deserialization vulnerability through JNDI/LDAP.
The vulnerability specifically impacts Apache NiFi versions 1.8.0 through 1.21.0. Organizations utilizing these versions are strongly advised to upgrade to NiFi 1.22.0 or a later version immediately.
Vulnerability Details
The vulnerability resides in multiple JMS/JNDI components within Apache NiFi, including the “JndiJmsConnectionFactoryProvider” Controller Service and the “ConsumeJMS” Processor. An authenticated and authorized user can exploit this flaw by crafting a malicious JNDI URL that points to a specially crafted Clojure JAR file. When this JAR file is deserialized, it can execute arbitrary Java code on the vulnerable NiFi instance.
Consequences of Exploitation
The successful exploitation of this vulnerability could have severe consequences for organizations relying on Apache NiFi. Attackers could execute arbitrary code on vulnerable NiFi instances, potentially leading to unauthorized access, data theft, or even system compromise.
Proof-of-Concept Exploit
Badanoiu has released a proof-of-concept (PoC) exploit demonstrating the exploitability of the CVE-2023-34212 vulnerability. This PoC serves as a reminder of the potential severity of this flaw and emphasizes the urgency of patching affected systems.
According to the researcher, although only the “JndiJmsConnectionFactoryProvider” Controller Service and “ConsumeJMS” Processor were tested for this vulnerability, it is possible that more components may be vulnerable to this attack.
Mitigation
To mitigate this vulnerability, organizations should upgrade to Apache NiFi 1.22.0 or a later version. This updated version validates JNDI URLs and restricts locations to a set of allowed schemes, effectively eliminating the attack vector.
Additionally, implementing strict access controls and limiting access to sensitive data can further enhance the security posture of organizations using Apache NiFi.
It is crucial for organizations to prioritize the patching of vulnerable systems to prevent potential exploitation and protect their sensitive data and infrastructure.
