CVE-2017-5635

CWE-287 — Improper Authentication5 documents5 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Nifi Apache Nifi

Timeline

PublishedOct 19

Latest updateMay 13

Description

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.nifi:nifi1.0.0 — 1.1.2+1

▶NVDapache/nifi4 versions+3

▶CVEListV5apache_software_foundation/apache_nifi4 versions+3

🔴Vulnerability Details

OSV

Improper Authentication In Apache NiFi↗2022-05-13

▶

GHSA

Improper Authentication In Apache NiFi↗2022-05-13

▶

CVEList

CVE-2017-5635: In Apache NiFi before 0↗2017-10-19

▶

📋Vendor Advisories

Apache

Apache nifi: CVE-2017-5635↗

▶