logo

Database

Improper authorization control for web services In org.apache.nifi:nifi

Description

Improper Authentication In Apache NiFi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-56352. NVD-2017-56353. OSV-2017-56354. GCVE-2017-5635

References

1. https://nifi.apache.org/security.html#CVE-2017-56352. http://www.securityfocus.com/bid/96730

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.