Apache NiFi Registry is vulnerable to authentication bypass. During logging out, the authentication mechanism other than PKI does not invalidate the token on the server side, but only on the client side, allowing the client to make a API requests up to 12 hours after logging out.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-registry-web-api | le | 0.5.0 |