Apache Nifi
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:apache_nifi:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Apache Nifi (7ed3061b-9ac3-5e56-95ca-57b0d645aa67) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-9491 |
vulnerable | 2026-06-08 05:28:02.068409 |
Details available
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
Published: 2020-10-01T19:57:34.000Z
Updated: 2024-08-04T10:26:16.409Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9487 |
vulnerable | 2026-06-08 05:28:01.902006 |
Details available
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.
Published: 2020-10-01T19:53:11.000Z
Updated: 2024-08-04T10:26:16.254Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9486 |
vulnerable | 2026-06-08 05:28:01.900279 |
Details available
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Published: 2020-10-01T19:50:53.000Z
Updated: 2024-08-04T10:26:16.358Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1942 |
vulnerable | 2026-06-08 05:21:03.629573 |
Details available
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
Published: 2020-02-11T20:57:26.000Z
Updated: 2024-08-04T06:54:00.412Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13940 |
vulnerable | 2026-06-08 05:18:01.483366 |
Details available
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).
Published: 2020-10-01T19:55:16.000Z
Updated: 2024-08-04T12:32:14.454Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12421 |
vulnerable | 2026-06-08 05:12:39.128998 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10083 |
vulnerable | 2026-06-08 05:12:22.127998 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10080 |
vulnerable | 2026-06-08 05:12:22.119124 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.