Nifi Security Vulnerabilities and Issues — Nifi CVE List

Lucene search

ApacheNifi

3 matches found

CVE•added 2019/11/19 10:15 p.m.•109 views

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS6.3AI score0.00512EPSS

CVE•added 2019/11/19 10:15 p.m.•99 views

CVE-2019-10083

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

5.3CVSS5AI score0.00266EPSS

CVE•added 2019/11/19 10:15 p.m.•90 views

CVE-2019-12421

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to ...

8.8CVSS8.7AI score0.00316EPSS