CVE-2020-1942

2020-02-1121:15:11

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

JSON

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.

CPENameOperatorVersion
nifieqnifi-nar-maven-plugin-1.0.0-incubating-RC3
nifieqrel/nifi-1.7.0
nifieqrel/nifi-1.5.0
nifieqrel/nifi-1.3.0
nifieqrel/nifi-1.8.0
nifieqnifi-0.3.0-RC1
nifieqnifi-0.1.0-incubating-rc13
nifieqrel/nifi-1.4.0
nifieqnifi-0.4.0
nifieqrel/nifi-1.11.0

Name	Operator	Version
nifi	eq	nifi-nar-maven-plugin-1.0.0-incubating-RC3
nifi	eq	rel/nifi-1.7.0
nifi	eq	rel/nifi-1.5.0
nifi	eq	rel/nifi-1.3.0
nifi	eq	rel/nifi-1.8.0
nifi	eq	nifi-0.3.0-RC1
nifi	eq	nifi-0.1.0-incubating-rc13
nifi	eq	rel/nifi-1.4.0
nifi	eq	nifi-0.4.0
nifi	eq	rel/nifi-1.11.0