Cross-Site Scripting Vulnerability in Apache NiFi by Apache
CVE-2020-1933

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Apache Nifi
Vendor
CVE Published:
28 January 2020

Summary

An XSS vulnerability exists in Apache NiFi versions 1.0.0 to 1.10.0, enabling malicious scripts to be injected into the user interface via an authenticated user's actions, particularly in Firefox. Caution is advised for users of these versions to prevent potential exploitation through script injection, which bypasses security measures in specific browser contexts.

Affected Version(s)

Apache NiFi Apache NiFi 1.0.0 to 1.10.0

References

https://nifi.apache.org/security.html#CVE-2020-1933
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.