漏洞描述
Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
apache-nifi-rce: Apache NiFi - Remote Code Execution
PoC代码[已公开]
id: apache-nifi-rce
info:
name: Apache NiFi - Remote Code Execution
author: arliya
severity: critical
description: |
Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
reference:
- https://github.com/imjdl/Apache-NiFi-Api-RCE
- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
classification:
cpe: cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: "title:\"NiFi\""
product: nifi
vendor: apache
tags: packetstorm,apache,nifi,rce,vuln
http:
- method: GET
path:
- "{{BaseURL}}/nifi-api/process-groups/root"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "revision"
- "canRead"
- "permissions"
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: json
json:
- .id
# digest: 490a0046304402202a20508e118f1e397ce2a8ff55d3b2a2eecf13f4a1fa51fc9ed0fcc16a9ab2f3022070e2bc1197ec1b5e39f1028b587790e965339aa819224c9f6dbe1cad7dfe3751:922c64590222798bb761d5b6d8e72950