CVE-2024-52067

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

6.9MEDIUM

EPSS

0.0%

top 89.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Nifi Apache Software Foundation Apache Nifi

Timeline

PublishedNov 21

Latest updateFeb 11

Description

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apach…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Affected Packages3 packages

▶Mavenorg.apache.nifi:nifi-framework-core1.16.0 — 1.28.1+1

▶NVDapache/nifi1.16.0 — 1.28.1+1

▶CVEListV5apache_software_foundation/apache_nifi1.16.0 — 1.28.0+1

🔴Vulnerability Details

GHSA

Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log↗2025-02-11

▶

OSV

Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log↗2025-02-11

▶

CVEList

Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log↗2024-11-21

▶

📋Vendor Advisories

Apache

Apache nifi: CVE-2024-52067↗

▶