CVE-2019-10083
Description
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of the group's contents (at the topmost level, not recursively). The response includes details about processors and controller services that the user may not have read access to.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
1.188
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-12421, CVE-2019-10083 are fixed in Apache-nifi-web-api 1.10.0 | Windows |
| Vulnerabilities CVE-2019-10083, CVE-2019-10080 are fixed in Apache-nifi-api 1.10.0 | Windows |
| Vulnerabilities CVE-2019-12421, CVE-2019-10083 are fixed in Apache-nifi-web-api for Linux 1.10.0 | Linux |
| Vulnerabilities CVE-2019-10083, CVE-2019-10080 are fixed in Apache-Nifi-api for Linux 1.10.0 | Linux |
Patch Details
No records found