[CVE-2019-10083] Apache NiFi process group information disclosure

[Nathan Gough <thenatog () apache org>]

[CVEID]:CVE-2019-10083

[PRODUCT]:Apache NiFi

[VERSION]:Apache NiFi 1.3.0 to 1.9.2

[PROBLEMTYPE]:Information Disclosure

[REFERENCES]:https://nifi.apache.org/security.html#CVE-2019-10083

[DESCRIPTION]:As reported by Mark Payne, when updating a Process Group via
the API in NiFi versions 1.3.0 to 1.9.2, the response to the request
includes all of its contents (at the top most level, not recursively). The
response included details about processors and controller services which
the user may not have had read access to.