Cybersecurity firm Cyfirma has warned about a high-severity remote code execution (RCE) vulnerability in Apache NiFi that can lead to unauthorized access and data breaches. Tracked as CVE-2023-34468, the vulnerability was addressed in June 2023 but remains a threat. It can be exploited by authenticated users to configure a database URL with the H2 driver, enabling custom code execution. The bug impacts NiFi versions 0.0.2 through 1.21.0 and was addressed with the release of NiFi version 1.22.0, which disables H2 JDBC URLs in the default configuration. Cyfirma has observed cyber actors actively discussing or exploiting the vulnerability on the dark web.
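A defender-side check for the two conditions described above, as an added example (not code from Cyfirma or Apache NiFi): whether an installed version falls in the affected range, and whether any component property in a flow definition holds an H2 JDBC URL. The XML layout and every name in `SAMPLE_FLOW` are constructed for illustration and are an assumption about how the flow is exported.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated in the summary above; 1.22.0 carries the fix.
FIRST_AFFECTED, LAST_AFFECTED = (0, 0, 2), (1, 21, 0)
H2_URL = re.compile(r"^\s*jdbc:h2:", re.IGNORECASE)

# Constructed sample input (assumed layout, not taken from a real deployment).
SAMPLE_FLOW = """<flowController>
  <controllerService>
    <name>reporting-db</name>
    <property><name>Database Connection URL</name>
      <value>jdbc:postgresql://db.example.internal/reports</value></property>
  </controllerService>
  <controllerService>
    <name>scratch-db</name>
    <property><name>Database Connection URL</name>
      <value> JDBC:H2:mem:scratch</value></property>
  </controllerService>
</flowController>"""

def parse_version(text):
    """Turn '1.21.0' or '1.21.0-SNAPSHOT' into (1, 21, 0)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED

def find_h2_urls(flow_xml):
    """Return (component, property, url) for each property holding an H2 JDBC URL."""
    hits = []
    for component in ET.fromstring(flow_xml).iter():
        for prop in component.findall("property"):
            value = prop.findtext("value") or ""
            if H2_URL.match(value):  # case-insensitive, tolerates leading whitespace
                hits.append((component.findtext("name", default="?"),
                             prop.findtext("name", default="?"), value.strip()))
    return hits

def audit(version, flow_xml):
    return {"affected_version": is_affected(version),
            "h2_urls": find_h2_urls(flow_xml)}

if __name__ == "__main__":
    print(audit("1.21.0", SAMPLE_FLOW))
```

A hit on an affected version is the combination to prioritise; a hit on 1.22.0 or later is still worth reviewing, since the fix disables H2 JDBC URLs only in the default configuration.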