oss-sec mailing list archives

[CVE-2020-1933] Apache NiFi Information Disclosure


From: Nathan Gough <thenatog () apache org>
Date: Mon, 27 Jan 2020 12:07:56 -0500

[CVEID]:CVE-2020-1928

[PRODUCT]:Apache NiFi

[VERSION]:Apache NiFi 1.10.0

[PROBLEMTYPE]:Information Disclosure

[REFERENCES]:https://nifi.apache.org/security.html#CVE-2020-1928

[DESCRIPTION]:As reported by Andy LoPresto, the sensitive parameter parser
would log parsed values for debugging purposes. This would expose literal
values entered in a sensitive property when no parameter was present.
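
The logging pattern described above, sketched as an added example; it is not NiFi's code and not part of the original message. The class, method, and logger names are hypothetical, and the `#{name}` reference syntax and sample values are assumptions made for the sketch.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: all names here are hypothetical, not NiFi's own code.
public class SensitiveParamLogging {
    private static final Logger LOG = Logger.getLogger("example.parser");
    // Assumed reference syntax for this sketch: #{name}
    private static final Pattern REF = Pattern.compile("#\\{([^}]+)\\}");

    static List<String> references(String input) {
        List<String> names = new ArrayList<>();
        Matcher m = REF.matcher(input);
        while (m.find()) names.add(m.group(1));
        return names;
    }

    // Flawed pattern: the debug line echoes the raw input. When the input
    // holds no reference, that input is the literal sensitive value.
    static List<String> parseLeaky(String input) {
        List<String> refs = references(input);
        LOG.log(Level.FINE, "parsed {0} -> references {1}", new Object[]{input, refs});
        return refs;
    }

    // Hardened pattern: for sensitive properties, log structure only.
    static List<String> parseSafe(String input, boolean sensitive) {
        List<String> refs = references(input);
        Object shown = sensitive ? "[masked]" : input;
        LOG.log(Level.FINE, "parsed {0} -> {1} reference(s)", new Object[]{shown, refs.size()});
        return refs;
    }

    public static void main(String[] args) {
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE); // debug level, where the exposure occurs
        LOG.setUseParentHandlers(false);
        LOG.addHandler(handler);
        LOG.setLevel(Level.FINE);
        String literal = "constructed-literal-secret"; // constructed sample value
        parseLeaky(literal);               // log line contains the secret
        parseSafe(literal, true);          // log line shows [masked], 0 references
        parseSafe("#{db.password}", true); // reference present: count only, no value
    }
}
```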