Access Control: Apache NiFi - Remote Code Execution
Identifier: apache_nifi_rce
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Apache NiFi is affected by unauthorized remote command execution vulnerabilities that allow attackers to execute arbitrary commands on the system.
How we test: We test for remote code execution vulnerabilities in Apache NiFi by attempting to execute commands through the API and analyzing the responses to detect whether unauthorized command execution is possible.
References:
- https://github.com/imjdl/Apache-NiFi-Api-RCE
- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.