{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:26:54.923","vulnerabilities":[{"cve":{"id":"CVE-2022-33140","sourceIdentifier":"security@apache.org","published":"2022-06-15T15:15:08.050","lastModified":"2024-11-21T07:07:35.453","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments."},{"lang":"es","value":"El ShellUserGroupProvider opcional en Apache NiFi versiones 1.10.0 a 1.16.2 y Apache NiFi Registry 0.6.0 a 1.16.2 no neutraliza los argumentos para los comandos de resolución de grupos, permitiendo una inyección de comandos del sistema operativo en las plataformas Linux y macOS. El ShellUserGroupProvider no está incluido en la configuración por defecto. La inyección de comandos requiere que ShellUserGroupProvider sea uno de los proveedores de grupos de usuarios habilitados en la configuración de Authorizers. La inyección de comandos también requiere un usuario Autenticado con altos privilegios. Apache NiFi requiere un usuario autenticado con autorización para modificar las políticas de acceso para poder ejecutar el comando. El Registro de Apache NiFi requiere un usuario autenticado con autorización para leer los grupos de usuarios para poder ejecutar el comando. La resolución elimina el formato del comando basado en los argumentos proporcionados por el usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.10.0","versionEndIncluding":"1.16.2","matchCriteriaId":"DF32EE88-DDE8-42A0-B231-59A08501A123"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi_registry:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.0","versionEndIncluding":"1.16.2","matchCriteriaId":"72FE2DCA-C5F8-49F7-8C1E-B3F033CA3056"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://nifi.apache.org/security.html#CVE-2022-33140","source":"security@apache.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/bzs2pcdjsdrh5039oslmfr9mbs9qqdhr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://nifi.apache.org/security.html#CVE-2022-33140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}