CVE-2020-1942
Last modified
CVE-2020-1942 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.. EPSS estimates a 3.41% chance of exploitation in the next 30 days.
Description
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nifi | >= 0.0.1, <= 1.11.0 |
References
- https://nifi.apache.org/security.html#CVE-2020-1942Vendor Advisory
- https://nifi.apache.org/security.html#CVE-2020-1942Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-1942?
How severe is CVE-2020-1942?
How do I fix CVE-2020-1942?
Are you affected by CVE-2020-1942?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST