CVE-2017-5635

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.09 % (41^th)

Affected Products 1

Advisories 1

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

Weaknesses

CWE-287: Improper Authentication

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2017-10-19 20:29:00
(7 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Apache

Nifi

Configuration #1

		CPE23	From	Up To
	Apache Nifi 0.7.0	cpe:2.3:a:apache:nifi:0.7.0
	Apache Nifi 0.7.1	cpe:2.3:a:apache:nifi:0.7.1
	Apache Nifi 1.1.0	cpe:2.3:a:apache:nifi:1.1.0
	Apache Nifi 1.1.1	cpe:2.3:a:apache:nifi:1.1.1