CVE-2020-9486

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Nifi
Vendor: CVE Published:; 1 October 2020

Summary

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.

Affected Version(s)

Apache NiFi Apache NiFi 1.10.0 to 1.11.4

References

https://nifi.apache.org/security#CVE-2020-9486

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2020
Vulnerability Reserved
Mar 1, 2020