Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbXAtanZyNy1oeDc4
Inadequate Encryption Strength in Apache NiFi
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as were listening connections established by processors such as ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load-balanced queues continued to support TLS v1.0 or v1.1.
Permalink: https://github.com/advisories/GHSA-rfmp-jvr7-hx78
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbXAtanZyNy1oeDc4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-rfmp-jvr7-hx78, CVE-2020-9491
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-9491
- https://github.com/apache/nifi/commit/441781cec50f77d9f1e65093f55bbd614b8c5ec6
- https://lists.apache.org/thread.html/r2d9c21f9ec35d66f2bb42f8abe876dabd786166b6284e9a33582c718@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/re48582efe2ac973f8cff55c8b346825cb491c71935e15ab2d61ef3bf@%3Ccommits.nifi.apache.org%3E
- https://nifi.apache.org/security#CVE-2020-9491
- https://github.com/advisories/GHSA-rfmp-jvr7-hx78
Blast Radius: 0.0
Affected Packages
maven:org.apache.nifi:nifi
Dependent packages: 2
Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 1.2.0, <= 1.11.4
Fixed in: 1.12.0-RC1
All affected versions: 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4
All unaffected versions: 0.2.1, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.23.1, 1.23.2, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0