Lucene search

GitHub Advisory DatabaseGHSA-XWX6-VMJ4-5RV8

HistoryOct 25, 2019 - 7:42 p.m.

Denial of service via deserialization attack in nifi

2019-10-2519:42:50

CWE-502

GitHub Advisory Database

github.com

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

A vulnerability found in Apache NIFI before 1.5.0-RC1. Attacker can perform XXE attacks through JAXB.

Affected configurations

Vulners

Node

org.apache.nifi\Matchnifi

CPENameOperatorVersion
org.apache.nifi:nifi-framework-cluster-protocollt1.5.0

CPE	Name	Operator	Version
	org.apache.nifi:nifi-framework-cluster-protocol	lt	1.5.0

References

github.com/advisories/GHSA-xwx6-vmj4-5rv8

github.com/apache/nifi/commit/9e2c7be7d3c6a380c5f61074d9a5a690b617c3dc

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for GHSA-XWX6-VMJ4-5RV8