CVE-2018-17193
https://notcve.org/view.php?id=CVE-2018-17193
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. La página de error message-page.jsp empleó el valor de la cabecera de petición HTTP X-ProxyContextPath sin sanear, lo que resulta en un ataque Cross-Site Scripting (XSS). Mitigación: La solución para analizar correctamente y sanear el valor del atributo de petición se aplicó en la distribución 1.8.0 de Apache NiFi. • https://nifi.apache.org/security.html#CVE-2018-17193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-17194
https://notcve.org/view.php?id=CVE-2018-17194
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. Cuando una petición de cliente a un nodo del clúster se replicó a otros nodos en el clúster para verificarlos, se redireccionó el Content-Length. • https://nifi.apache.org/security.html#CVE-2018-17194 • CWE-20: Improper Input Validation •
CVE-2018-17195
https://notcve.org/view.php?id=CVE-2018-17195
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. El endpoint de la API de subida de plantillas aceptaba peticiones de diferentes dominios al enviarse junto con un ataque de suplantación de ARP y otro Man-in-the-Middle (MitM), lo que resulta en un ataque Cross-Site Request Forgery (CSRF). • https://nifi.apache.org/security.html#CVE-2018-17195 • CWE-319: Cleartext Transmission of Sensitive Information CWE-863: Incorrect Authorization •