Back to search
CVE-2025-27017
Published: Mar 12, 2025
Modified: Mar 12, 2025
PUBLISHED
Description
Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache NiFi | affected 1.13.0 - <= 2.2.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now