In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
Vulnerable Product |
---|
apache nifi 0.7.0 |
apache nifi 1.1.1 |
apache nifi 0.7.1 |
apache nifi 1.1.0 |