CVE-2017-7667 – org.apache.nifi:nifi

Package

Manager: maven
Name: org.apache.nifi:nifi
Vulnerable Version: >=0 <0.7.4 || >=1.0.0 <1.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00397 pctl0.59693

Details

Origin Validation Error in Apache NiFi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

Metadata

Created: 2022-05-17T02:40:53Z
Modified: 2022-11-01T22:33:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jvx9-rj3w-jq99/GHSA-jvx9-rj3w-jq99.json
CWE IDs: ["CWE-346"]
Alternative ID: GHSA-jvx9-rj3w-jq99
Finding: F086
Auto approve: 1