PT-2018-13946 · Apache · Apache Nifi
Mike Cole · Published 2018-12-19 · Updated 2020-08-24 · CVE-2018-17195
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache NiFi versions prior to 1.8.0
Description
The template upload API endpoint is susceptible to a CSRF attack when combined with ARP spoofing and a man-in-the-middle (MiTM) attack. This complex attack vector requires client certificate authentication, same-subnet access, and the injection of malicious code into an unprotected website that the targeted user later visits. Despite that complexity, the potential damage from this attack warrants a severe severity level.
Recommendations
For Apache NiFi versions prior to 1.8.0, upgrade to version 1.8.0 or later to apply the Cross-Origin Resource Sharing (CORS) policy request filtering fix.
Fix
Cleartext Transmission of Sensitive Information
Incorrect Authorization
Related identifiers
Affected products
Apache Nifi