nifi-web-api is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists due to the lack of Cross-Origin Resource Sharing (CORS) filter applied to the template/upload endpoint, allowing requests from different domains in the origin to be accepted.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-web-api | le | 1.7.1 |