CVE-2022-33140
Improper Neutralization of Command Elements in Shell User Group Provider
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.
El ShellUserGroupProvider opcional en Apache NiFi versiones 1.10.0 a 1.16.2 y Apache NiFi Registry 0.6.0 a 1.16.2 no neutraliza los argumentos para los comandos de resolución de grupos, permitiendo una inyección de comandos del sistema operativo en las plataformas Linux y macOS. El ShellUserGroupProvider no está incluido en la configuración por defecto. La inyección de comandos requiere que ShellUserGroupProvider sea uno de los proveedores de grupos de usuarios habilitados en la configuración de Authorizers. La inyección de comandos también requiere un usuario Autenticado con altos privilegios. Apache NiFi requiere un usuario autenticado con autorización para modificar las políticas de acceso para poder ejecutar el comando. El Registro de Apache NiFi requiere un usuario autenticado con autorización para leer los grupos de usuarios para poder ejecutar el comando. La resolución elimina el formato del comando basado en los argumentos proporcionados por el usuario
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-13 CVE Reserved
- 2022-06-15 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr | 2022-06-23 | |
| https://nifi.apache.org/security.html#CVE-2022-33140 | 2022-06-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Nifi Search vendor "Apache" for product "Nifi" | >= 1.10.0 <= 1.16.2 Search vendor "Apache" for product "Nifi" and version " >= 1.10.0 <= 1.16.2" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Apache Search vendor "Apache" | Nifi Search vendor "Apache" for product "Nifi" | >= 1.10.0 <= 1.16.2 Search vendor "Apache" for product "Nifi" and version " >= 1.10.0 <= 1.16.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Apache Search vendor "Apache" | Nifi Registry Search vendor "Apache" for product "Nifi Registry" | >= 0.6.0 <= 1.16.2 Search vendor "Apache" for product "Nifi Registry" and version " >= 0.6.0 <= 1.16.2" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Apache Search vendor "Apache" | Nifi Registry Search vendor "Apache" for product "Nifi Registry" | >= 0.6.0 <= 1.16.2 Search vendor "Apache" for product "Nifi Registry" and version " >= 0.6.0 <= 1.16.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|