oss-sec mailing list archives
[CVE-2020-1933] Apache NiFi Information Disclosure
From: Nathan Gough <thenatog () apache org>
Date: Mon, 27 Jan 2020 12:07:56 -0500
[CVEID]:CVE-2020-1928
[PRODUCT]:Apache NiFi
[VERSION]:Apache NiFi 1.10.0
[PROBLEMTYPE]:Information Disclosure
[REFERENCES]:https://nifi.apache.org/security.html#CVE-2020-1928
[DESCRIPTION]:As reported by Andy LoPresto, the sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.
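
The bug class described in the advisory, as an added example that is not part of the original message and is not Apache NiFi's code: a parser whose debug line echoes its input writes a sensitive property entered as a literal into the log, shown beside a variant that logs only structure. The `#{name}` reference syntax, the class and method names, and the sample value are assumptions made for illustration.

```java
import java.util.*;
import java.util.logging.*;
import java.util.regex.*;

public class SensitiveParserLogging {
    // Assumed reference syntax for this sketch: #{name}
    private static final Pattern REF = Pattern.compile("#\\{([^}]+)\\}");
    private static final Logger LOG = Logger.getLogger("parser");

    /** Returns the parameter names referenced in the input (empty if it is a literal). */
    static List<String> parse(String input) {
        List<String> names = new ArrayList<>();
        Matcher m = REF.matcher(input);
        while (m.find()) names.add(m.group(1));
        return names;
    }

    // Flawed pattern: the debug line echoes the raw input, so a literal secret is logged.
    static List<String> parseLeaky(String input) {
        List<String> names = parse(input);
        LOG.fine("Parsed '" + input + "' into references " + names);
        return names;
    }

    // Hardened: log structure only (length, reference count), never the value itself.
    static List<String> parseSafe(String input) {
        List<String> names = parse(input);
        LOG.fine("Parsed sensitive value: length=" + input.length() + ", references=" + names.size());
        return names;
    }

    public static void main(String[] args) {
        List<String> captured = new ArrayList<>();
        LOG.setUseParentHandlers(false);
        LOG.setLevel(Level.FINE);               // debug logging enabled, as during troubleshooting
        LOG.addHandler(new Handler() {          // in-memory handler so the output can be inspected
            @Override public void publish(LogRecord r) { captured.add(r.getMessage()); }
            @Override public void flush() {}
            @Override public void close() {}
        });
        String literal = "S3cr3t-constructed";  // constructed sample: a literal, no parameter reference
        parseLeaky(literal);
        parseSafe(literal);
        for (String line : captured)
            System.out.println((line.contains(literal) ? "LEAK  " : "clean ") + line);
    }
}
```

The same containment check used in `main` (does any captured log line contain a known sensitive test value) works as a regression test around any code path that handles sensitive properties.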