Specialists from the information security company Cyfirma have identified a dangerous vulnerability in Apache NiFi that could lead to unauthorized access and data theft. Apache NiFi is an open-source data integration and automation tool used for processing and distributing data. Cyfirma found about 2700 Apache NiFi instances exposed to the internet across various sectors, including finance, government, healthcare, telecommunications, and others.
The vulnerability, tracked as CVE-2023-34468 with a CVSS score of 8.8, was fixed in June 2023. It allowed an authenticated attacker to manipulate the Apache NiFi configuration, potentially causing errors or unauthorized access.
It is important to note the significance of URLs in internet usage. Initially, URLs were created to indicate the location of various files on the internet. However, over time, URLs began to be used to designate the addresses of all resources, regardless of their type.