Apache nifi is vulnerable to unauthorized access via user impersonation attacks. The vulnerability exists due to a possible injection attack in a cluster environment, in the proxy chain’s serialization/deserialization. A malicious user can inject ><
in their username to impersonate another user to have unauthorized access on a replicated request to another node.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-web-security | le | 1.1.1 | |
nifi-web-security | le | 0.7.1 |