[MAVEN:GHSA-7Q8G-GPFP-V8GX] Insertion of Sensitive Information into Log File in Apache NiFi

Severity: High
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.

| Package | Affected Version |
|---|---|
| pkg:maven/org.apache.nifi/nifi-security-utils | >= 0.0.1, <= 1.11.0 |
| pkg:maven/org.apache.nifi/nifi-framework-core | >= 0.0.1, <= 1.11.0 |

ID: MAVEN:GHSA-7Q8G-GPFP-V8GX
Severity: high
URL: https://github.com/advisories/GHSA-7q8g-gpfp-v8gx
Published: 2022-01-06T20:40:58 (2 years ago)
Modified: 2023-07-31T21:52:43 (13 months ago)
Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.nifi/nifi-security-utils | org.apache.nifi | nifi-security-utils | >= 0.0.1 <= 1.11.0 | | | |
| Fixed | pkg:maven/org.apache.nifi/nifi-security-utils | org.apache.nifi | nifi-security-utils | = 1.12.0-RC1 | | | |
| Affected | pkg:maven/org.apache.nifi/nifi-framework-core | org.apache.nifi | nifi-framework-core | >= 0.0.1 <= 1.11.0 | | | |
| Fixed | pkg:maven/org.apache.nifi/nifi-framework-core | org.apache.nifi | nifi-framework-core | = 1.12.0-RC1 | | | |