CVE-2020-1942

EUVD-2022-0504
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
apachenifi
0.0.1 ≤
𝑥
≤ 1.11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nifi.apache.org/security.html#CVE-2020-1942
https://nifi.apache.org/security.html#CVE-2020-1942