CVE-2020-1928: Information Exposure

January 28, 2020 (updated July 21, 2021)

An information disclosure vulnerability was found in Apache NiFi. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

References

nifi.apache.org/security.html
nvd.nist.gov/vuln/detail/CVE-2020-1928

Detect and mitigate CVE-2020-1928 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →