Maven package
org.apache.nifi/nifi-web-security
pkg:maven/org.apache.nifi/nifi-web-security
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12421 | — | >= 1.3.0, < 1.10.0 | 1.10.0 | Nov 19, 2019 | When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours af |
- CVE-2019-12421Nov 19, 2019affected >= 1.3.0, < 1.10.0fixed 1.10.0
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours af