CVE-2020-9487
N/A
N/A
Summary
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apache NiFi | Apache NiFi 1.0.0 to 1.11.4 | affected |
Weaknesses
- Denial of Service
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.