Severity
Low
Analysis Summary
CVE-2024-56512
Apache NiFi 1.10.0 to 2.0.0 lacked authorization checks for Parameter Contexts, Controller Services, and Parameter Providers during Process Group creation, allowing unauthorized access to components. This issue, affecting deployments with component-based policies, is resolved in version 2.1.0 by enforcing proper authorization checks.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-56512
Affected Vendors
Apache
Affected Products
- Apache NiFi 1.10.0 to 2.0.0
Remediation
Refer to Apache Website for patch, upgrade, or suggested workaround information.