CVE-2023-34468
UNKNOWN
Published 2023-06-12T15:09:20.711Z
Actions:
CVSS Score
V3.1
8.8
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.766
probability
of exploitation in the wild
There is a 76.6% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.984
Higher than 98.4% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.
The resolution validates the Database URL and rejects H2 JDBC locations.
You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
References
Published: 2023-06-12T15:09:20.711Z
Last Modified: 2025-02-13T16:55:36.706Z
Copied to clipboard!