4 matches found
org.apache.nifi.registry:nifi-registry-assembly (>=0.1.0 <=0.5.0), org.apache.nifi.registry:nifi-registry-docs (>=0.4.0 <=0.5.0) potentially affected by CVE-2020-9482 via org.apache.nifi.registry:nifi-registry-web-api (>=0.1.0 <=0.5.0)
org.apache.nifi.registry:nifi-registry-web-api MAVEN version =0.1.0, =0.1.0, =0.4.0, =0.5.0 Source cves: CVE-2020-9482 Source advisory: OSV:GHSA-RCWJ-2HJ2-VMJJ...
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
CVE-2020-9482
CVE-2020-9482 affects NiFi Registry versions 0.1.0 to 0.5.0. The root cause is using an authentication mechanism other than PKI where, on logout, the server does not invalidate the token; only the client-side token is invalidated. As a result, the token may remain usable for up to 12 hours after ...