Published: 28/01/2020 Updated: 02/03/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache NiFi could allow a remote authenticated malicious user to obtain sensitive information, caused by the sensitive parameter parser logging parsed values for debugging purposes. An attacker could exploit this vulnerability to obtain sensitive information.

Vulnerability Trend

Affected Products

Vendor Product Versions

Mailing Lists

[CVEID]:CVE-2020-1928 [PRODUCT]:Apache NiFi [VERSION]:Apache NiFi 1100 [PROBLEMTYPE]:Information Disclosure [REFERENCES]:nifiapacheorg/securityhtml#CVE-2020-1928 [DESCRIPTION]:As reported by Andy LoPresto, the sensitive parameter parser would log parsed values for debugging purposes This would expose literal values entered in a s ...