CVE-2024-56512

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 28, 2024
Updated: Feb 11, 2025
CWE ID 638
CWE ID 862

Summary

CVE-2024-56512 affects Apache NiFi versions 1.10.0 to 2.0.0, which do not check authorization on the components involved when a new Process Group is created. An authenticated user who has permission to create Process Groups can use this to reach Parameter Contexts, Controller Services, and Parameter Providers they are not authorized for, which can lead to downloading non-sensitive Parameter values or using unauthorized components. The impact is limited to deployments that use component-based authorization policies. The recommended mitigation is to upgrade to Apache NiFi 2.1.0, which includes authorization checks on Process Group creation.

Affected Products

  • Apache NiFi

Affected Vendors

  • Apache Software Foundation
  • Apache Corporation