Vulnerability details: VCID-u1n4-8ypj-aaae
Vulnerability ID VCID-u1n4-8ypj-aaae
Aliases CVE-2023-22832
GHSA-hxjp-q6c3-38fx
Summary XML External Entity Reference in Apache NiFi
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2023-22832
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2023-22832
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2023-22832
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2023-22832
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hxjp-q6c3-38fx
cvssv3.1 4.6 https://github.com/apache/nifi
generic_textual MODERATE https://github.com/apache/nifi
cvssv3.1 7.5 https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
generic_textual HIGH https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
cvssv3.1 7.5 https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
generic_textual HIGH https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
ssvc Track https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
cvssv3.1 7.5 https://nifi.apache.org/security.html#CVE-2023-22832
generic_textual HIGH https://nifi.apache.org/security.html#CVE-2023-22832
ssvc Track https://nifi.apache.org/security.html#CVE-2023-22832
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-22832
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-22832
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/apache/nifi
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/nifi/commit/e966336e8966cf0cbbd12a2c4f2d73a7ceb75cd8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/ Found at https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nifi.apache.org/security.html#CVE-2023-22832
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T16:28:56Z/ Found at https://nifi.apache.org/security.html#CVE-2023-22832
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-22832
Exploit Prediction Scoring System (EPSS)
Percentile 0.47773
EPSS Score 0.00126
Published At Dec. 27, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.