PT-2020-15172 · Apache · Apache NiFi

Andy Lopresto · Published 2020-01-28 · Updated 2025-09-12 · CVE-2020-1928

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache NiFi version 1.10.0

Description

An information disclosure issue was found in the sensitive parameter parser, which would log parsed values for debugging purposes. This exposes literal values entered in a sensitive property when no parameter is present.

Recommendations

For Apache NiFi version 1.10.0, consider disabling the sensitive parameter parser's debugging logging to prevent exposure of sensitive information. Restrict access to the logs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Insertion into Log File

Weakness Enumeration

Related Identifiers

BIT-NIFI-2020-1928
CVE-2020-1928
GHSA-W4FJ-CCR6-7PCP

Affected Products

Apache NiFi