'[oss-security] [CVE-2020-1933] Apache NiFi Information Disclosure'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [CVE-2020-1933] Apache NiFi Information Disclosure
From:       Nathan Gough <thenatog () apache ! org>
Date:       2020-01-27 17:07:56
Message-ID: CAEhjM2AWN+kRYtkUrUoia56nZGrefj==pc5RFaqEQ_5U9o1bGQ () mail ! gmail ! com
[Download RAW message or body]

[CVEID]:CVE-2020-1928

[PRODUCT]:Apache NiFi

[VERSION]:Apache NiFi 1.10.0

[PROBLEMTYPE]:Information Disclosure

[REFERENCES]:https://nifi.apache.org/security.html#CVE-2020-1928

[DESCRIPTION]:As reported by Andy LoPresto, the sensitive parameter parser
would log parsed values for debugging purposes. This would expose literal
values entered in a sensitive property when no parameter was present.

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic