GoogleOSV:GHSA-W4FJ-CCR6-7PCPApache NiFi Insertion of Sensitive Information into Log File
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.nifi:nifi-parameter | eq | 1.10.0 |
References
github.com/apache/nifi
github.com/apache/nifi/commit/42cb6e84898e66672878f61f99543d6af3c0a567
github.com/apache/nifi/pull/3935
lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E
lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E
lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E
nifi.apache.org/security.html#CVE-2020-1928
nvd.nist.gov/vuln/detail/CVE-2020-1928
Related
