Описание
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Пакеты
Наименование
org.apache.nifi:nifi-stateless
maven
Затронутые версииВерсия исправления
>= 1.10.0, <= 1.11.4
1.12.0-RC1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 5 лет назад
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.