CVE-2020-1933 – org.apache.nifi:nifi

Package

Manager: maven
Name: org.apache.nifi:nifi
Vulnerable Version: >=1.0.0 <1.11.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00638 pctl0.69593

Details

Cross-site scripting in Apache NiFi A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Metadata

Created: 2022-01-06T20:35:39Z
Modified: 2021-03-26T22:28:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-pqhq-xx62-2v2p/GHSA-pqhq-xx62-2v2p.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pqhq-xx62-2v2p
Finding: F008
Auto approve: 1