CVE-2020-9491

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-9491
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9491.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-9491
Aliases
Published
2020-10-01T20:15:14Z
Modified
2024-10-12T06:41:24.877459Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events

Affected versions

docker/nifi-1.*

docker/nifi-1.2.0

nifi-1.*

nifi-1.0.0-RC1
nifi-1.1.0-RC2
nifi-1.10.0-RC3
nifi-1.11.0-RC3
nifi-1.11.1-RC1
nifi-1.11.2-RC1
nifi-1.11.3-RC1
nifi-1.11.4-RC1
nifi-1.2.0-RC2
nifi-1.3.0-RC1
nifi-1.5.0-RC1
nifi-1.6.0-RC3
nifi-1.7.0-RC1
nifi-1.8.0-RC3
nifi-1.9.0-RC2

rel/nifi-1.*

rel/nifi-1.0.0
rel/nifi-1.1.0
rel/nifi-1.10.0
rel/nifi-1.11.0
rel/nifi-1.11.1
rel/nifi-1.11.2
rel/nifi-1.11.3
rel/nifi-1.11.4
rel/nifi-1.2.0
rel/nifi-1.3.0
rel/nifi-1.4.0
rel/nifi-1.5.0
rel/nifi-1.6.0
rel/nifi-1.7.0
rel/nifi-1.8.0
rel/nifi-1.9.0

support/nifi-1.*

support/nifi-1.11.1