PT-2018-13943 · Apache · Apache NiFi
Suchithra V N · Published 2018-12-19 · Updated 2020-08-24 · CVE-2018-17192
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Apache NiFi versions prior to 1.8.0
Description
The issue arises from inconsistent application of the X-Frame-Options headers in HTTP responses, leading to potential clickjacking attacks due to incorrect interpretation by some browsers.
Recommendations
For Apache NiFi versions prior to 1.8.0, upgrade to Apache NiFi 1.8.0 or a later version to ensure consistent application of security headers and mitigate the risk of clickjacking attacks.
Fix
Clickjacking
Affected Products
Apache NiFi