CVE-2020-1942 — Log File Information Exposure in Apache Nifi

CWE-532 — Log File Information Exposure CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Nifi Apache Software Foundation Apache Nifi

Timeline

PublishedFeb 11

Latest updateJan 6

Description

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/nifi0.0.1 — 1.11.0

▶CVEListV5apache_software_foundation/apache_nifiApache NiFi 0.0.1 to 1.11.0

🔴Vulnerability Details

OSV

Insertion of Sensitive Information into Log File in Apache NiFi↗2022-01-06

▶

GHSA

Insertion of Sensitive Information into Log File in Apache NiFi↗2022-01-06

▶

CVEList

CVE-2020-1942: In Apache NiFi 0↗2020-02-11

▶

📋Vendor Advisories

Apache

Apache nifi: CVE-2020-1942↗

▶