CVE-2020-1942: Information Exposure

February 11, 2020 (updated July 21, 2021)

In Apache NiFi, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.

References

nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2020-1942

Code Behaviors & Features

Detect and mitigate CVE-2020-1942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →