CVE-2020-1928

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Nifi
Vendor: CVE Published:; 28 January 2020

Summary

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

Affected Version(s)

Apache NiFi Apache NiFi 1.10.0

References

https://nifi.apache.org/security.html#CVE-2020-1928

x_refsource_CONFIRM

https://lists.apache.org/thread.html/r38a5b7943b9a62ecb85...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Dec 2, 2019