CVE-2020-1928

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1928

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1928.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1928

Aliases

GHSA-w4fj-ccr6-7pcp

Published

2020-01-28T01:15:12Z

Modified

2024-09-03T03:20:54.151749Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type: GIT
Repo: https://github.com/apache/nifi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b217ae20ad6a04cac874b2b00d93b7f7514c0b88

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-0.*

nifi-0.0.1-incubating-RC3

nifi-0.0.2-incubating-RC1

nifi-0.1.0-incubating-rc13

nifi-0.2.0-incubating-RC1

nifi-0.2.1-RC1

nifi-0.3.0-RC1

nifi-0.4.0

nifi-0.4.0-RC2

nifi-0.4.1

nifi-0.4.1-RC1

nifi-0.5.0

nifi-0.5.0-RC3

nifi-0.6.0

nifi-0.6.0-RC2

nifi-1.*

nifi-1.0.0-RC1

nifi-1.1.0-RC2

nifi-1.10.0-RC3

nifi-1.2.0-RC2

nifi-1.3.0-RC1

nifi-1.5.0-RC1

nifi-1.6.0-RC3

nifi-1.7.0-RC1

nifi-1.8.0-RC3

nifi-1.9.0-RC2

nifi-nar-maven-plugin-1.*

nifi-nar-maven-plugin-1.0.0-incubating-RC3

nifi-nar-maven-plugin-1.0.1-incubating-rc13

nifi-parent-1.*

nifi-parent-1.0.0-incubating-rc13

rel/nifi-1.*

rel/nifi-1.0.0

rel/nifi-1.1.0

rel/nifi-1.10.0

rel/nifi-1.2.0

rel/nifi-1.3.0

rel/nifi-1.4.0

rel/nifi-1.5.0

rel/nifi-1.6.0

rel/nifi-1.7.0

rel/nifi-1.8.0

rel/nifi-1.9.0