CVE-2020-1933

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1933

Aliases

GHSA-pqhq-xx62-2v2p

Published

2020-01-28T01:15:12Z

Modified

2024-09-03T03:21:09.110917Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

References

https://nifi.apache.org/security.html#CVE-2020-1933

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type: GIT
Repo: https://github.com/apache/nifi
Events: Introduced

74d5224783dfdc513f6b3ad5ed96671d3c581707

Last affected

b217ae20ad6a04cac874b2b00d93b7f7514c0b88

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-1.*

nifi-1.0.0-RC1

nifi-1.1.0-RC2

nifi-1.10.0-RC3

nifi-1.2.0-RC2

nifi-1.3.0-RC1

nifi-1.5.0-RC1

nifi-1.6.0-RC3

nifi-1.7.0-RC1

nifi-1.8.0-RC3

nifi-1.9.0-RC2

rel/nifi-1.*

rel/nifi-1.0.0

rel/nifi-1.1.0

rel/nifi-1.10.0

rel/nifi-1.2.0

rel/nifi-1.3.0

rel/nifi-1.4.0

rel/nifi-1.5.0

rel/nifi-1.6.0

rel/nifi-1.7.0

rel/nifi-1.8.0

rel/nifi-1.9.0