CVE-2017-5635

Summary

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache NiFi0.7.0affected
Apache Software FoundationApache NiFi0.7.1affected
Apache Software FoundationApache NiFi1.1.0affected
Apache Software FoundationApache NiFi1.1.1affected

Weaknesses

  • Unauthorized Access

ADP Enrichment

CVE Program Container

Additional References

References