CVE-2018-17192
published 2018-12-19CVE-2018-17192: The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| apache | nifi | 1.0.0 – 1.6.0 | — |
| apache_software_foundation | apache_nifi | — | — |