Description
Insertion of Sensitive Information into Log File in Apache NiFi
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-1942
- https://github.com/apache/nifi/pull/4028
- https://github.com/apache/nifi/commit/95746d346cddbd6134c4b28fdc39d5813a626f97
- https://github.com/apache/nifi/commit/d7c29f46378379fb596e4d1e59d1a3c41063db5b
- https://issues.apache.org/jira/browse/NIFI-7079
- https://nifi.apache.org/security.html#CVE-2020-1942
Packages
- org.apache.nifi:nifi-framework-core
  - Affected versions: >= 0.0.1, <= 1.11.0
  - Fixed version: 1.12.0-RC1
- org.apache.nifi:nifi-security-utils
  - Affected versions: >= 0.0.1, <= 1.11.0
  - Fixed version: 1.12.0-RC1