Information Disclosure Vulnerability in Apache NiFi by Apache
CVE-2020-1928

5.3MEDIUM

Key Information:

Vendor
Apache
Status
Apache Nifi
Vendor
CVE Published:
28 January 2020

Summary

An information disclosure vulnerability exists in Apache NiFi version 1.10.0 where sensitive parameters can unintentionally be logged during debugging. This flaw allows for the exposure of literal values entered in sensitive fields when no specific parameter is present, creating potential risks for sensitive data being disclosed to unauthorized individuals.

Affected Version(s)

Apache NiFi Apache NiFi 1.10.0

References

https://nifi.apache.org/security.html#CVE-2020-1928
x_refsource_CONFIRM
https://lists.apache.org/thread.html/r38a5b7943b9a62ecb85...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.