// For flags

CVE-2018-17195

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

El endpoint de la API de subida de plantillas aceptaba peticiones de diferentes dominios al enviarse junto con un ataque de suplantación de ARP y otro Man-in-the-Middle (MitM), lo que resulta en un ataque Cross-Site Request Forgery (CSRF). El vector de ataque requerido es complejo y requiere un escenario con autenticación de certificados del cliente, acceso a la misma subred y la inyección de código malicioso en un sitio web sin proteger (HTTP en texto plano) que el usuario objetivo visita posteriormente, pero el posible daño garantizaba un nivel de severidad "Severo". Mitigación: La solución para aplicar la el filtrado de peticiones de la política CORS (Cross-Origin Resource Sharing) se aplicó en la versión 1.8.0 de Apache NiFi. Los usuarios que ejecuten una distribución 1.x anterior deben actualizarla a la distribución adecuada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-09-19 CVE Reserved
  • 2018-12-19 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
  • CWE-863: Incorrect Authorization
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Nifi
Search vendor "Apache" for product "Nifi"
>= 1.0.0 <= 1.7.1
Search vendor "Apache" for product "Nifi" and version " >= 1.0.0 <= 1.7.1"
-
Affected