Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZmotY2NyNi03cGNw
Apache NiFi Insertion of Sensitive Information into Log File
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.
Permalink: https://github.com/advisories/GHSA-w4fj-ccr6-7pcp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZmotY2NyNi03cGNw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-w4fj-ccr6-7pcp, CVE-2020-1928
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-1928
- https://github.com/apache/nifi/commit/42cb6e84898e66672878f61f99543d6af3c0a567
- https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E
- https://nifi.apache.org/security.html#CVE-2020-1928
- https://github.com/apache/nifi/pull/3935
- https://github.com/advisories/GHSA-w4fj-ccr6-7pcp
Affected Packages
maven:org.apache.nifi:nifi-parameter
Versions: = 1.10.0
Fixed in: 1.11.0