Back to search
CVE-2020-9491
Published: Oct 1, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache NiFi | affected Apache NiFi 1.2.0 to 1.11.4 |
References
https://nifi.apache.org/security#CVE-2020-9491
x_refsource_MISC
[nifi-commits] 20201005 svn commit: r1882253 - /nifi/site/trunk/security.html
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now