Описание
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.0.1 (включая) до 1.11.0 (включая)
cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 7.5
github
около 4 лет назад
Insertion of Sensitive Information into Log File in Apache NiFi
EPSS
Процентиль: 38%
0.00165
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-532