Identifier

CVE-2020-9486

Package Slug

maven/org.apache.nifi/nifi

Vulnerability

Inclusion of Sensitive Information in Log Files

Description

In Apache NiFi, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.

Affected Versions

All versions starting from 1.0.0 up to 1.11.4

Solution

Upgrade to version 1.12.0 or above.

Last Modified

2020-10-06

source