CVE-2019-10083

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10083
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10083.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10083
Aliases
Published
2019-11-19T22:15:11Z
Modified
2024-10-12T04:11:41.338734Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request included all of its contents (at the topmost level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events

Affected versions

nifi-1.*

nifi-1.3.0-RC1
nifi-1.5.0-RC1
nifi-1.6.0-RC3
nifi-1.7.0-RC1
nifi-1.8.0-RC3
nifi-1.9.0-RC2
nifi-1.9.1-RC1
nifi-1.9.2-RC2

rel/nifi-1.*

rel/nifi-1.3.0
rel/nifi-1.4.0
rel/nifi-1.5.0
rel/nifi-1.6.0
rel/nifi-1.7.0
rel/nifi-1.8.0
rel/nifi-1.9.0
rel/nifi-1.9.1
rel/nifi-1.9.2