Описание
Improper Authentication In Apache NiFi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Пакеты
Наименование
org.apache.nifi:nifi
maven
Затронутые версииВерсия исправления
< 0.7.2
0.7.2
Наименование
org.apache.nifi:nifi
maven
Затронутые версииВерсия исправления
>= 1.0.0, < 1.1.2
1.1.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 8 лет назад
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.