CVE-2023-22832

7.5 HIGH
XXE

📋 TL;DR

This vulnerability allows XML External Entity (XXE) attacks in Apache NiFi's ExtractCCDAAttributes Processor. Attackers can exploit this to read arbitrary files from the server or potentially cause denial of service. Organizations using vulnerable NiFi versions with this processor in their data flows are affected.

💻 Affected Systems

Products:
  • Apache NiFi
Versions: 1.2.0 through 1.19.1
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when ExtractCCDAAttributes Processor is used in data flows. The processor is not enabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise via file disclosure leading to credential theft, sensitive data exposure, or remote code execution through XXE-based attacks.

🟠 Likely Case

Unauthorized file system access allowing attackers to read sensitive configuration files, credentials, or other data from the NiFi server.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation, though XXE vulnerabilities can still be leveraged for information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XXE attacks are well-understood with many public tools available. Exploitation requires the vulnerable processor to be configured and processing malicious XML.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.20.0 and later

Vendor Advisory: https://nifi.apache.org/security.html#CVE-2023-22832

Restart Required: Yes

Instructions:

1. Upgrade Apache NiFi to version 1.20.0 or later.
2. Restart NiFi services.
3. Verify the upgrade was successful.

🔧 Temporary Workarounds

Disable ExtractCCDAAttributes Processor

all

Remove or disable the vulnerable processor from all data flows

Navigate to NiFi UI > Right-click processor > Disable/Delete

Implement XML Input Validation

all

Add validation processors before ExtractCCDAAttributes to filter malicious XML

Add a ValidateXml processor before the vulnerable processor in the flow

🧯 If You Can't Patch

  • Remove ExtractCCDAAttributes Processor from all production flows
  • Implement network segmentation to restrict access to NiFi instances

🔍 How to Verify

Check if Vulnerable:

Check NiFi version and inspect data flows for ExtractCCDAAttributes Processor usage

Check Version:

Check NiFi UI status bar or examine nifi-app.log for version information

Verify Fix Applied:

Confirm NiFi version is 1.20.0+ and processor configuration shows DTD/XXE protection enabled
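
The "Check if Vulnerable" step above, as an added example (not NiFi project code): it tests a version string against the range listed on this page and lists every ExtractCCDAAttributes processor in a flow definition, including nested process groups. The flow.xml.gz element layout, the class-name suffix match and the sample flow are assumptions constructed for illustration.

```python
import gzip
import xml.etree.ElementTree as ET

AFFECTED_MIN, AFFECTED_MAX = (1, 2, 0), (1, 19, 1)  # range stated on this page
PROCESSOR = "ExtractCCDAAttributes"

# Constructed sample; the element layout is an assumption about flow.xml.gz.
SAMPLE_FLOW = b"""<flowController><rootGroup>
  <processor><name>Parse CCDA</name>
    <class>org.apache.nifi.processors.ccda.ExtractCCDAAttributes</class>
    <scheduledState>RUNNING</scheduledState></processor>
  <processGroup>
    <processor><name>Old CCDA</name>
      <class>org.apache.nifi.processors.ccda.ExtractCCDAAttributes</class>
      <scheduledState>DISABLED</scheduledState></processor>
    <processor><name>Log</name>
      <class>org.apache.nifi.processors.standard.LogAttribute</class>
      <scheduledState>RUNNING</scheduledState></processor>
  </processGroup>
</rootGroup></flowController>"""

def parse_version(text):
    """'1.19.1' or '1.19.1-SNAPSHOT' -> (1, 19, 1)."""
    nums = [int(p) for p in text.strip().split("-")[0].split(".")]
    return tuple((nums + [0, 0, 0])[:3])

def is_affected_version(text):
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX

def find_ccda_processors(flow_bytes):
    """Return (name, scheduledState) for each matching processor at any depth."""
    if flow_bytes[:2] == b"\x1f\x8b":  # gzip magic: accept flow.xml.gz as-is
        flow_bytes = gzip.decompress(flow_bytes)
    root = ET.fromstring(flow_bytes)
    return [(p.findtext("name"), p.findtext("scheduledState"))
            for p in root.iter("processor")
            if (p.findtext("class") or "").endswith("." + PROCESSOR)]

def assess(version, flow_bytes):
    hits = find_ccda_processors(flow_bytes)
    if not is_affected_version(version):
        return "version outside affected range", hits
    if not hits:
        return "affected version, processor not in flow", hits
    if all(state == "DISABLED" for _, state in hits):
        return "affected version, processor present but disabled", hits
    return "exposed: affected version with processor in use", hits
```

Pass the running NiFi version and the bytes of the instance's own flow definition to `assess`; the returned list names the processors to remove or disable.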

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in NiFi logs
  • Errors related to XML parsing in ExtractCCDAAttributes

Network Indicators:

  • Unusual XML payloads to NiFi endpoints
  • External entity references in XML traffic

SIEM Query:

source="nifi" AND ("ExtractCCDAAttributes" OR "XXE" OR "DOCTYPE")
