CVE-2019-10083

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10083
Aliases
Published
2019-11-19T22:15:11Z
Modified
2024-09-03T02:21:43.062413Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events

Affected versions

nifi-1.*

nifi-1.3.0-RC1
nifi-1.5.0-RC1
nifi-1.6.0-RC3
nifi-1.7.0-RC1
nifi-1.8.0-RC3
nifi-1.9.0-RC2
nifi-1.9.1-RC1
nifi-1.9.2-RC2

rel/nifi-1.*

rel/nifi-1.3.0
rel/nifi-1.4.0
rel/nifi-1.5.0
rel/nifi-1.6.0
rel/nifi-1.7.0
rel/nifi-1.8.0
rel/nifi-1.9.0
rel/nifi-1.9.1
rel/nifi-1.9.2