nvd-json-data-feeds/CVE-2022/CVE-2022-331xx/CVE-2022-33140.json

{
  "id": "CVE-2022-33140",
  "sourceIdentifier": "security@apache.org",
  "published": "2022-06-15T15:15:08.050",
  "lastModified": "2022-06-23T16:46:47.737",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments."
    },
    {
      "lang": "es",
      "value": "El ShellUserGroupProvider opcional en Apache NiFi versiones 1.10.0 a 1.16.2 y Apache NiFi Registry 0.6.0 a 1.16.2 no neutraliza los argumentos para los comandos de resoluci\u00f3n de grupos, permitiendo una inyecci\u00f3n de comandos del sistema operativo en las plataformas Linux y macOS. El ShellUserGroupProvider no est\u00e1 incluido en la configuraci\u00f3n por defecto. La inyecci\u00f3n de comandos requiere que ShellUserGroupProvider sea uno de los proveedores de grupos de usuarios habilitados en la configuraci\u00f3n de Authorizers. La inyecci\u00f3n de comandos tambi\u00e9n requiere un usuario Autenticado con altos privilegios. Apache NiFi requiere un usuario autenticado con autorizaci\u00f3n para modificar las pol\u00edticas de acceso para poder ejecutar el comando. El Registro de Apache NiFi requiere un usuario autenticado con autorizaci\u00f3n para leer los grupos de usuarios para poder ejecutar el comando. La resoluci\u00f3n elimina el formato del comando basado en los argumentos proporcionados por el usuario"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    },
    {
      "source": "security@apache.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.10.0",
              "versionEndIncluding": "1.16.2",
              "matchCriteriaId": "DF32EE88-DDE8-42A0-B231-59A08501A123"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:nifi_registry:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "0.6.0",
              "versionEndIncluding": "1.16.2",
              "matchCriteriaId": "72FE2DCA-C5F8-49F7-8C1E-B3F033CA3056"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr",
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://nifi.apache.org/security.html#CVE-2022-33140",
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ]
    }
  ]
}