CVE-2023-40037

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 18, 2023
Updated: Aug 23, 2023
CWE ID 697
CWE ID 184

Summary

CVE-2023-40037 affects Apache NiFi versions 1.21.0 through 1.23.0, in which certain Processors and Controller Services that support JDBC and JNDI JMS access validate connection URLs inadequately. An authenticated and authorized user can bypass this validation using crafted input formatting. Apache NiFi 1.23.1 resolves the vulnerability by enhancing connection URL validation and introducing additional property validation. Upgrading to this version is the recommended mitigation.
