nifi-web-security is vulnerable to denial of service. The NiFi download token (one-time password) mechanism uses a fixed cache size and does not authenticate requests to create a download token. This allows an unauthenticated user to repeatedly request download tokens, preventing legitimate users from requesting download tokens.
CPE

Name | Operator | Version |
---|---|---|
nifi-web-security | le | 1.11.4 |
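
The weakness described above, shown as a simplified model next to one possible hardening. This is an added example, not NiFi's code or its actual fix. The class names, the capacity of 100, the 300-second lifetime, the per-user limit and the reject-when-full behaviour are all assumptions made for illustration.

```python
import secrets
import time

class CacheFull(Exception):
    """Raised when no further one-time tokens can be issued."""

class NaiveTokenCache:
    """Weak pattern: fixed capacity, and any caller may mint a token."""
    def __init__(self, capacity=100, ttl=300.0):   # assumed values
        self.capacity, self.ttl = capacity, ttl
        self.tokens = {}                            # token -> expiry time

    def _evict_expired(self, now):
        self.tokens = {t: exp for t, exp in self.tokens.items() if exp > now}

    def issue(self, now=None):
        now = time.monotonic() if now is None else now
        self._evict_expired(now)
        if len(self.tokens) >= self.capacity:
            # Every slot is held by an unexpired token: new requests fail,
            # regardless of who is asking.
            raise CacheFull("token cache exhausted")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = now + self.ttl
        return token

class HardenedTokenCache(NaiveTokenCache):
    """Requires an authenticated principal and caps tokens per principal."""
    def __init__(self, capacity=100, ttl=300.0, per_user=5):
        super().__init__(capacity, ttl)
        self.per_user = per_user
        self.owner = {}                             # token -> principal

    def issue(self, principal, now=None):
        if not principal:                           # caller was not authenticated
            raise PermissionError("authentication required")
        now = time.monotonic() if now is None else now
        self._evict_expired(now)
        # Forget ownership records for tokens that have expired.
        self.owner = {t: p for t, p in self.owner.items() if t in self.tokens}
        held = sum(1 for p in self.owner.values() if p == principal)
        if held >= self.per_user:
            # One account can only exhaust its own quota, not the shared cache.
            raise CacheFull(f"per-user token limit reached for {principal}")
        token = super().issue(now)
        self.owner[token] = principal
        return token
```

In the hardened model the shared capacity still has to be sized for the expected number of concurrent users times the per-user limit.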