Vulnerabilities > Apache > Nifi > 1.28.0

DATE CVE VULNERABILITY TITLE RISK
2024-12-28 CVE-2024-56512 Missing Authorization vulnerability in Apache Nifi
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context.
network
low complexity
apache CWE-862
5.4
2024-11-21 CVE-2024-52067 Information Exposure Through Log Files vulnerability in Apache Nifi
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process.
network
low complexity
apache CWE-532
4.9