CWE-638
Not Using Complete Mediation
ClassDraft
Description
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-104
CVEs mapped to this weakness (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56512 | 0.00 | — | 0.03 | Dec 28, 2024 | Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter… |
- CVE-2024-56512Dec 28, 2024risk 0.00cvss —epss 0.03
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter…