2 matches found
CVE-2022-33140
The Red Hat, CIRCL, OSV, and other connected feeds confirm CVE-2022-33140 affects Apache NiFi (1.10.0–1.16.2) and Apache NiFi Registry (0.6.0–1.16.2). The root cause is that the optional ShellUserGroupProvider does not neutralize arguments for group resolution commands, allowing command injection...
CVE-2020-9482
CVE-2020-9482 affects NiFi Registry versions 0.1.0 to 0.5.0. The root cause is that, when an authentication mechanism other than PKI is used, the server does not invalidate the token on logout; only the client-side token is invalidated. As a result, the token may remain usable for up to 12 hours after ...