Back to search
CVE-2019-10083
Published: Nov 19, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache NiFi | affected Apache NiFi 1.3.0 to 1.9.2 |
References
https://nifi.apache.org/security.html#CVE-2019-10083
x_refsource_CONFIRM
[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now