Количество 3
Количество 3
CVE-2025-27017
Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.
GHSA-35gq-cvrm-xf94
Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
BDU:2025-02796
Уязвимость платформы обработки данных Apache NiFi, связанная с утечкой имени пользователя и пароля, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-27017 Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records. | CVSS3: 6.5 | 0% Низкий | 11 месяцев назад |
| GHSA-35gq-cvrm-xf94 Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record | CVSS3: 6.5 | 0% Низкий | 11 месяцев назад |
 | BDU:2025-02796 Уязвимость платформы обработки данных Apache NiFi, связанная с утечкой имени пользователя и пароля, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 6.8 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу