Vulnerabilities > Apache > Nifi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2020-1928 | Information Exposure Through Log Files vulnerability in Apache Nifi 1.10.0 An information disclosure vulnerability was found in Apache NiFi 1.10.0. | 5.3 |
| 2019-11-19 | CVE-2019-10083 | Information Exposure vulnerability in Apache Nifi When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). | 5.3 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |
| 2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache Nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | 6.1 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 6.5 |
| 2018-01-25 | CVE-2017-15703 | Deserialization of Untrusted Data vulnerability in Apache Nifi Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. | 5.0 |
| 2017-10-19 | CVE-2016-8748 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. | 5.4 |
| 2017-10-10 | CVE-2017-12623 | XXE vulnerability in Apache Nifi An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. | 6.5 |
| 2017-06-12 | CVE-2017-7665 | Cross-site Scripting vulnerability in Apache Nifi In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | 6.1 |