CVE-2020-9491

2020-10-0120:15:14

Google

osv.dev

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

CPENameOperatorVersion
nifieqrel/nifi-1.4.0
nifieqnifi-1.11.2-RC1
nifieqnifi-1.6.0-RC3
nifieqnifi-1.1.0-RC2
nifieqrel/nifi-1.11.3
nifieqrel/nifi-1.11.0
nifieqnifi-1.10.0-RC3
nifieqnifi-1.11.0-RC3
nifieqrel/nifi-1.11.2
nifieqrel/nifi-1.10.0

Name	Operator	Version
nifi	eq	rel/nifi-1.4.0
nifi	eq	nifi-1.11.2-RC1
nifi	eq	nifi-1.6.0-RC3
nifi	eq	nifi-1.1.0-RC2
nifi	eq	rel/nifi-1.11.3
nifi	eq	rel/nifi-1.11.0
nifi	eq	nifi-1.10.0-RC3
nifi	eq	nifi-1.11.0-RC3
nifi	eq	rel/nifi-1.11.2
nifi	eq	rel/nifi-1.10.0