Search results for "ApacheNifi": 8 matches found
CVE-2024-56512 (added 2024/12/28 5:15 p.m.)

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where ...

CVSS 5.4 | AI score 6.4 | EPSS 0.23349
CVE-2020-27223 (added 2021/02/26 10:15 p.m.)

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those qual...

CVSS 5.3 | AI score 5.2 | EPSS 0.26008
CVE-2024-37389 (added 2024/07/08 8:15 a.m.)

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client br...

CVSS 5.4 | AI score 4.8 | EPSS 0.00111
CVE-2020-1928 (added 2020/01/28 1:15 a.m.)

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

CVSS 5.3 | AI score 5 | EPSS 0.00454
CVE-2019-10083 (added 2019/11/19 10:15 p.m.)

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top-most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

CVSS 5.3 | AI score 5 | EPSS 0.00266
CVE-2017-15703 (added 2018/01/25 9:29 p.m.)

Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users ru...

CVSS 5 | AI score 5.2 | EPSS 0.00377
CVE-2020-13940 (added 2020/10/01 8:15 p.m.)

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).

CVSS 5.5 | AI score 5.4 | EPSS 0.01252
CVE-2016-8748 (added 2017/10/19 8:29 p.m.)

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in the connection details dialog when accessed by an authorized user. The user-supplied text was not being properly handled when added to the DOM.

CVSS 5.4 | AI score 5.2 | EPSS 0.00492
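Every NiFi entry above quotes a version range, and matching a deployed version against those ranges is the first triage step an operator takes with a list like this. The Python below is an added example written for this page; it is not code from the search page or from the Apache NiFi project. It parses NiFi version strings, including the 2.0.0-M1 style milestone tags, and reports which of the listed CVEs quote a range that contains a given version. Its assumptions: milestone releases sort before the GA release carrying the same number, so "1.10.0 through 2.0.0" is taken to include the 2.0.0 milestones; CVE-2017-15703 is encoded as "before 1.4.0" because its summary only says the fix shipped in 1.4.0; CVE-2020-27223 is left out because its range is for Eclipse Jetty and the page does not say which NiFi releases bundle those Jetty builds. The function and constant names are the example's own.

```python
"""Match an Apache NiFi version against the ranges quoted in the CVE
summaries above.  Added example for this page, not NiFi project code."""
import re
from typing import List, Optional, Tuple

# (major, minor, patch, is_ga, milestone): a milestone build such as
# 2.0.0-M1 becomes (2, 0, 0, 0, 1) and sorts before GA 2.0.0 = (2, 0, 0, 1, 0).
Version = Tuple[int, int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '1.10.0' or '2.0.0-M3'; reject anything else loudly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NiFi version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


# Each range is (low inclusive or None, high, high_inclusive), copied from
# the CVE descriptions on this page.  Assumptions, not quoted text:
#  - CVE-2017-15703 only says the fix landed in 1.4.0, so it is encoded as
#    "before 1.4.0".
#  - CVE-2016-8748 "1.1.x before 1.1.1" is the single release 1.1.0.
#  - CVE-2020-27223 (Eclipse Jetty) is omitted: the page gives no NiFi range.
Range = Tuple[Optional[str], str, bool]
AFFECTED: dict = {
    "CVE-2024-56512": [("1.10.0", "2.0.0", True)],
    "CVE-2024-37389": [("1.10.0", "1.26.0", True), ("2.0.0-M1", "2.0.0-M3", True)],
    "CVE-2020-1928":  [("1.10.0", "1.10.0", True)],
    "CVE-2019-10083": [("1.3.0", "1.9.2", True)],
    "CVE-2017-15703": [(None, "1.4.0", False)],
    "CVE-2020-13940": [("1.0.0", "1.11.4", True)],
    "CVE-2016-8748":  [(None, "1.0.1", False), ("1.1.0", "1.1.1", False)],
}


def in_range(v: Version, low: Optional[str], high: str, high_inclusive: bool) -> bool:
    """True when v lies inside the quoted range (low is unbounded if None)."""
    if low is not None and v < parse_version(low):
        return False
    top = parse_version(high)
    return v <= top if high_inclusive else v < top


def affected_cves(version: str) -> List[str]:
    """Sorted IDs of the page's CVEs whose quoted range contains `version`."""
    v = parse_version(version)
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if any(in_range(v, *r) for r in ranges)
    )


if __name__ == "__main__":
    for candidate in ("1.9.2", "1.10.0", "2.0.0-M2", "2.0.0", "2.1.0"):
        hits = affected_cves(candidate)
        print(f"NiFi {candidate}: {', '.join(hits) if hits else 'no listed CVE'}")
```

A hit means only that the version sits inside the range the summary quotes; confirm against the Apache NiFi security advisory for the CVE before acting, since the summaries here are truncated and say nothing about backported fixes or about the features (Parameter Contexts, templates, XML-based authorizers) that must actually be in use for the issue to matter.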