nuclei-templates/http/vulnerabilities/apache/apache-nifi-rce.yaml

id: apache-nifi-rce

info:
  name: Apache NiFi  - Remote Code Execution
  author: arliya
  severity: critical
  description: |
    Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
  reference:
    - https://github.com/imjdl/Apache-NiFi-Api-RCE
    - https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
    - https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
  classification:
    cpe: cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: "title:\"NiFi\""
    product: nifi
    vendor: apache
  tags: packetstorm,apache,nifi,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/nifi-api/process-groups/root"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "revision"
          - "canRead"
          - "permissions"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        json:
          - .id
# digest: 4a0a00473045022100edae76cef80904808f0adf5cc3db8f2879acba8158ef72546dc2aff25d63dfc702202f4f620200f8c3dcbd7e288072bedc19a0d5acbe3e0b13b72c92feb2f23d5dc7:922c64590222798bb761d5b6d8e72950
Create Apache NIFI API RCE (#6765) * Create Apache nifi API RCE * fix template * misc metadata update * Update apache-nifi-rce.yaml --------- Co-authored-by: arliya <armandhenewpy@gmail.com> Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-01-19 17:52:17 +00:00			`id: apache-nifi-rce`

			`info:`
			`name: Apache NiFi - Remote Code Execution`
			`author: arliya`
			`severity: critical`
			`description: \|`
			`Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.`
			`reference:`
			`- https://github.com/imjdl/Apache-NiFi-Api-RCE`
			`- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway`
			`- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt`
Fix classification Fix classification 2024-09-10 09:08:16 +00:00			`classification:`
			`cpe: cpe:2.3:a:apache:nifi::::::::`
Create Apache NIFI API RCE (#6765) * Create Apache nifi API RCE * fix template * misc metadata update * Update apache-nifi-rce.yaml --------- Co-authored-by: arliya <armandhenewpy@gmail.com> Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-01-19 17:52:17 +00:00			`metadata:`
			`verified: true`
TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] :robot: 2024-01-29 11:58:34 +00:00			`max-request: 1`
			`shodan-query: "title:\"NiFi\""`
Add missing cpes Added missing cpes 2024-09-10 08:22:50 +00:00			`product: nifi`
			`vendor: apache`
TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] :robot: 2024-01-29 11:58:34 +00:00			`tags: packetstorm,apache,nifi,rce`
Create Apache NIFI API RCE (#6765) * Create Apache nifi API RCE * fix template * misc metadata update * Update apache-nifi-rce.yaml --------- Co-authored-by: arliya <armandhenewpy@gmail.com> Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-01-19 17:52:17 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/nifi-api/process-groups/root"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "revision"`
			`- "canRead"`
			`- "permissions"`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "application/json"`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: json`
			`json:`
Auto Template Signing [Fri Jan 19 17:54:35 UTC 2024] :robot: 2024-01-19 17:54:35 +00:00			`- .id`
chore: sign templates 🤖 2024-09-12 05:14:01 +00:00			`# digest: 4a0a00473045022100edae76cef80904808f0adf5cc3db8f2879acba8158ef72546dc2aff25d63dfc702202f4f620200f8c3dcbd7e288072bedc19a0d5acbe3e0b13b72c92feb2f23d5dc7:922c64590222798bb761d5b6d8e72950`