Description

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration.

INFO

Published Date :

2024-11-21T09:28:43.910Z

Last Modified :

2024-11-21T15:37:48.210Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52067 vulnerability.

Vendors Products
Apache
  • Nifi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52067.

URL Resource
http://www.openwall.com/lists/oss-security/2024/11/20/2 cve-icon
https://lists.apache.org/thread/9rz5rwn2zc7pfjq7ppqldqlc067tlcwd cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact