CVE-2020-1928

MEDIUM

Apache NiFi 1.10.0 - Sensitive Information Disclosure in Parameter Parser

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

References (4)

Core 4

Scores

CVSS v3 5.3
EPSS 0.0396
EPSS Percentile 89.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-532
Status published
Products (2)
apache/nifi 1.10.0
org.apache.nifi/nifi-parameter 1.10.0 - 1.11.0Maven
Published Jan 28, 2020
Tracked Since Feb 18, 2026