CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49145

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.4%

CVSS Severity

CVSS v3 Score 7.9

References

Products affected by CVE-2023-49145

Apache » Nifi » Version: 0.7.0

cpe:2.3:a:apache:nifi:0.7.0
Apache » Nifi » Version: 0.7.1

cpe:2.3:a:apache:nifi:0.7.1
Apache » Nifi » Version: 0.7.2

cpe:2.3:a:apache:nifi:0.7.2
Apache » Nifi » Version: 0.7.3

cpe:2.3:a:apache:nifi:0.7.3
Apache » Nifi » Version: 0.7.4

cpe:2.3:a:apache:nifi:0.7.4
Apache » Nifi » Version: 1.0.0

cpe:2.3:a:apache:nifi:1.0.0
Apache » Nifi » Version: 1.0.1

cpe:2.3:a:apache:nifi:1.0.1
Apache » Nifi » Version: 1.1.0

cpe:2.3:a:apache:nifi:1.1.0
Apache » Nifi » Version: 1.1.1

cpe:2.3:a:apache:nifi:1.1.1
Apache » Nifi » Version: 1.1.2

cpe:2.3:a:apache:nifi:1.1.2
Apache » Nifi » Version: 1.10.0

cpe:2.3:a:apache:nifi:1.10.0
Apache » Nifi » Version: 1.11.0

cpe:2.3:a:apache:nifi:1.11.0
Apache » Nifi » Version: 1.11.1

cpe:2.3:a:apache:nifi:1.11.1
Apache » Nifi » Version: 1.11.2

cpe:2.3:a:apache:nifi:1.11.2
Apache » Nifi » Version: 1.11.3

cpe:2.3:a:apache:nifi:1.11.3
Apache » Nifi » Version: 1.11.4

cpe:2.3:a:apache:nifi:1.11.4
Apache » Nifi » Version: 1.12.0

cpe:2.3:a:apache:nifi:1.12.0
Apache » Nifi » Version: 1.12.1

cpe:2.3:a:apache:nifi:1.12.1
Apache » Nifi » Version: 1.13.0

cpe:2.3:a:apache:nifi:1.13.0
Apache » Nifi » Version: 1.13.1

cpe:2.3:a:apache:nifi:1.13.1
Apache » Nifi » Version: 1.13.2

cpe:2.3:a:apache:nifi:1.13.2
Apache » Nifi » Version: 1.14.0

cpe:2.3:a:apache:nifi:1.14.0
Apache » Nifi » Version: 1.15.0

cpe:2.3:a:apache:nifi:1.15.0
Apache » Nifi » Version: 1.15.3

cpe:2.3:a:apache:nifi:1.15.3
Apache » Nifi » Version: 1.16.0

cpe:2.3:a:apache:nifi:1.16.0
Apache » Nifi » Version: 1.16.1

cpe:2.3:a:apache:nifi:1.16.1
Apache » Nifi » Version: 1.16.2

cpe:2.3:a:apache:nifi:1.16.2
Apache » Nifi » Version: 1.16.3

cpe:2.3:a:apache:nifi:1.16.3
Apache » Nifi » Version: 1.17.0

cpe:2.3:a:apache:nifi:1.17.0
Apache » Nifi » Version: 1.18.0

cpe:2.3:a:apache:nifi:1.18.0
Apache » Nifi » Version: 1.19.0

cpe:2.3:a:apache:nifi:1.19.0
Apache » Nifi » Version: 1.19.1

cpe:2.3:a:apache:nifi:1.19.1
Apache » Nifi » Version: 1.2.0

cpe:2.3:a:apache:nifi:1.2.0
Apache » Nifi » Version: 1.20.0

cpe:2.3:a:apache:nifi:1.20.0
Apache » Nifi » Version: 1.21.0

cpe:2.3:a:apache:nifi:1.21.0
Apache » Nifi » Version: 1.22.0

cpe:2.3:a:apache:nifi:1.22.0
Apache » Nifi » Version: 1.23.0

cpe:2.3:a:apache:nifi:1.23.0
Apache » Nifi » Version: 1.23.1

cpe:2.3:a:apache:nifi:1.23.1
Apache » Nifi » Version: 1.23.2

cpe:2.3:a:apache:nifi:1.23.2
Apache » Nifi » Version: 1.3.0

cpe:2.3:a:apache:nifi:1.3.0
Apache » Nifi » Version: 1.4.0

cpe:2.3:a:apache:nifi:1.4.0
Apache » Nifi » Version: 1.5.0

cpe:2.3:a:apache:nifi:1.5.0
Apache » Nifi » Version: 1.6.0

cpe:2.3:a:apache:nifi:1.6.0
Apache » Nifi » Version: 1.7.0

cpe:2.3:a:apache:nifi:1.7.0
Apache » Nifi » Version: 1.7.1

cpe:2.3:a:apache:nifi:1.7.1
Apache » Nifi » Version: 1.8.0

cpe:2.3:a:apache:nifi:1.8.0
Apache » Nifi » Version: 1.9.0

cpe:2.3:a:apache:nifi:1.9.0
Apache » Nifi » Version: 1.9.1

cpe:2.3:a:apache:nifi:1.9.1
Apache » Nifi » Version: 1.9.2

cpe:2.3:a:apache:nifi:1.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-49145

Products

Pricing

Contact Us