Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Apache NiFi Registry by Apache

    CVE-2020-9482 (GCVE-0-2020-9482)

    Vulnerability from nvd – Published: 2020-04-28 18:12 – Updated: 2024-08-04 10:26
    VLAI
    Summary
    If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
    Severity
    No CVSS data available.
    CWE
    • Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Apache NiFi Registry Affected: 0.1.0 to 0.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache NiFi Registry",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.0 to 0.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T18:12:58.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache NiFi Registry",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.1.0 to 0.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nifi.apache.org/registry-security.html#CVE-2020-9482",
                  "refsource": "CONFIRM",
                  "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9482",
        "datePublished": "2020-04-28T18:12:58.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:26:16.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9482 (GCVE-0-2020-9482)

    Vulnerability from cvelistv5 – Published: 2020-04-28 18:12 – Updated: 2024-08-04 10:26
    VLAI
    Summary
    If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
    Severity
    No CVSS data available.
    CWE
    • Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Apache NiFi Registry Affected: 0.1.0 to 0.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache NiFi Registry",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.0 to 0.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T18:12:58.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache NiFi Registry",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.1.0 to 0.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user\u0027s client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nifi.apache.org/registry-security.html#CVE-2020-9482",
                  "refsource": "CONFIRM",
                  "url": "https://nifi.apache.org/registry-security.html#CVE-2020-9482"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9482",
        "datePublished": "2020-04-28T18:12:58.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:26:16.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }