[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE-2020-1933] Apache NiFi Information Disclosure
From: Nathan Gough <thenatog () apache ! org>
Date: 2020-01-27 17:07:56
Message-ID: CAEhjM2AWN+kRYtkUrUoia56nZGrefj==pc5RFaqEQ_5U9o1bGQ () mail ! gmail ! com
[Download RAW message or body]
[CVEID]:CVE-2020-1928
[PRODUCT]:Apache NiFi
[VERSION]:Apache NiFi 1.10.0
[PROBLEMTYPE]:Information Disclosure
[REFERENCES]:https://nifi.apache.org/security.html#CVE-2020-1928
[DESCRIPTION]:As reported by Andy LoPresto, the sensitive parameter parser
would log parsed values for debugging purposes. This would expose literal
values entered in a sensitive property when no parameter was present.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic