
exploitDog


GHSA-rfmp-jvr7-hx78

Published: 06 Jan 2022
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Inadequate Encryption Strength in Apache NiFi

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

Packages

Name: org.apache.nifi:nifi (maven)
Affected versions: >= 1.2.0, <= 1.11.4
Fixed version: 1.12.0-RC1

EPSS

Percentile: 86%
0.02825
Low

CVSS3: 7.5 High

Weaknesses

CWE-327

Related vulnerabilities

CVSS3: 7.5
nvd
more than 5 years ago

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
