High severityNVD Advisory· Published Feb 11, 2020· Updated Aug 4, 2024
CVE-2020-1942
CVE-2020-1942
Description
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.nifi:nifi-framework-coreMaven | >= 0.0.1, < 1.12.0-RC1 | 1.12.0-RC1 |
org.apache.nifi:nifi-security-utilsMaven | >= 0.0.1, < 1.12.0-RC1 | 1.12.0-RC1 |
Affected products
4- Apache/NiFidescription
- osv-coords3 versionspkg:bitnami/nifipkg:maven/org.apache.nifi/nifi-framework-corepkg:maven/org.apache.nifi/nifi-security-utils
>= 0.0.1, <= 1.11.0+ 2 more
- (no CPE)range: >= 0.0.1, <= 1.11.0
- (no CPE)range: >= 0.0.1, < 1.12.0-RC1
- (no CPE)range: >= 0.0.1, < 1.12.0-RC1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-7q8g-gpfp-v8gxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1942ghsaADVISORY
- github.com/apache/nifi/commit/95746d346cddbd6134c4b28fdc39d5813a626f97ghsaWEB
- github.com/apache/nifi/commit/d7c29f46378379fb596e4d1e59d1a3c41063db5bghsaWEB
- github.com/apache/nifi/pull/4028ghsaWEB
- issues.apache.org/jira/browse/NIFI-7079ghsaWEB
- nifi.apache.org/security.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.