CVE-2019-12421

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-12421

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12421.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12421

Aliases

GHSA-fmqw-vqh5-cwq9

Published

2019-11-19T22:15:11.287Z

Modified

2026-04-10T04:15:30.980438Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type

GIT

Repo

https://github.com/apache/nifi

Events

Introduced

74d5224783dfdc513f6b3ad5ed96671d3c581707

Last affected

11320acfbaab1a3579bd8f7545473d6984472d77

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.9.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12421.json"