Home

CVE-2017-5635

Description

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the anonymous user.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.462

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-5636,CVE-2017-5635 are fixed in Apache-nifi-api 0.7.2Windows
Vulnerabilities CVE-2017-5636,CVE-2017-5635 are fixed in Apache-nifi-api 1.1.2Windows
Vulnerabilities CVE-2017-5636,CVE-2017-5635 are fixed in Apache-Nifi-api for Linux 0.7.2Linux
Vulnerabilities CVE-2017-5636,CVE-2017-5635 are fixed in Apache-Nifi-api for Linux 1.1.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234