VYPR
Moderate severity · NVD Advisory · Published Mar 12, 2025 · Updated Mar 12, 2025

Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record

CVE-2025-27017

Description

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials. Upgrading to Apache NiFi 2.3.0, which removes the credentials from provenance event records, is the recommended mitigation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.apache.nifi:nifi-mongodb-services (Maven)
Affected versions: >= 1.13.0, < 2.3.0
Patched versions: 2.3.0
