CVE-2017-7667

HIGH

Apache NiFi <1.3.0 - Info Disclosure

Title source: llm

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-346

Status draft

apache/nifi < 0.7.3

apache/nifi

org.apache.nifi/nifi < 0.7.4Maven

Published Jun 12, 2017

Tracked Since Feb 18, 2026