CVE-2020-1928 – org.apache.nifi:nifi-parameter

Package

Manager: maven
Name: org.apache.nifi:nifi-parameter
Vulnerable Version: =1.10.0 || >=1.10.0 <1.11.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00454 pctl0.62908

Details

Apache NiFi Insertion of Sensitive Information into Log File An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

Metadata

Created: 2022-01-06T20:40:56Z
Modified: 2023-09-25T11:29:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-w4fj-ccr6-7pcp/GHSA-w4fj-ccr6-7pcp.json
CWE IDs: ["CWE-200", "CWE-532"]
Alternative ID: GHSA-w4fj-ccr6-7pcp
Finding: F017
Auto approve: 1