CVE-2020-1933

MEDIUM6.1EPSS 0.41%

Cross-site scripting in Apache NiFi

發布日:2022/1/6修改日:2025/9/15

描述

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

受影響套件(2)

Bitnami/nifi>= 1.0.0, <= 1.10.0
Maven/org.apache.nifi:nifi>= 1.0.0, < 1.11.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1933
WEBhttps://github.com/apache/nifi/pull/3991
WEBhttps://nifi.apache.org/security.html#CVE-2020-1933