Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/02/09 12:23 a.m.3 views

org.apache.nifi.registry:nifi-registry-assembly (>=0.1.0 <=0.5.0), org.apache.nifi.registry:nifi-registry-docs (>=0.4.0 <=0.5.0) potentially affected by CVE-2020-9482 via org.apache.nifi.registry:nifi-registry-web-api (>=0.1.0 <=0.5.0)

org.apache.nifi.registry:nifi-registry-web-api MAVEN version =0.1.0, =0.1.0, =0.4.0, =0.5.0 Source cves: CVE-2020-9482 Source advisory: OSV:GHSA-RCWJ-2HJ2-VMJJ...

6.5CVSS6.5AI score0.02607EPSS
Exploits0
NVD
NVD
added 2020/04/28 7:15 p.m.18 views

CVE-2020-9482

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

6.5CVSS6.6AI score0.02607EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/28 6:12 p.m.23 views

CVE-2020-9482

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

6.5AI score0.02607EPSS
Exploits0References1
CVE
CVE
added 2020/04/28 6:12 p.m.83 views

CVE-2020-9482

CVE-2020-9482 affects NiFi Registry versions 0.1.0 to 0.5.0. The root cause is using an authentication mechanism other than PKI where, on logout, the server does not invalidate the token; only the client-side token is invalidated. As a result, the token may remain usable for up to 12 hours after ...

6.5CVSS6.5AI score0.02607EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder