4 matches found
org.apache.nifi:nifi-bootstrap (>=1.14.0 <=1.15.3), org.apache.nifi:nifi-single-user-iaa-providers (>=1.14.0 <=1.15.3) +2 more potentially affected by CVE-2022-26850 via org.apache.nifi:nifi-single-user-utils (>=1.14.0 <=1.15.3)
org.apache.nifi:nifi-single-user-utils MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.3 Source cves: CVE-2022-26850 Source advisory: OSV:GHSA-RVP4-R3G6-8HXQ...
CVE-2022-26850
creationtimestamp| type| source ---|---|--- 2022-04-06 22:30:33+00:00| seen| https://t.me/cibsecurity/40255 2024-01-28 06:12:42+00:00| seen| https://t.me/arpsyndicate/3228...
CVE-2022-26850 Insufficiently protected credentials
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...
CVE-2022-26850
CVE-2022-26850 affects Apache NiFi (pre-1.16) where during creation/update of single-user credentials a copy of the Login Identity Providers configuration was written to the OS temporary directory, which often has global read permissions. The temporary file was moved to the final configuration di...