Description
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
Remediation
References
https://nifi.apache.org/security.html#CVE-2020-1942
Related Vulnerabilities
CVE-2013-2165 Vulnerability in maven package org.richfaces.framework:richfaces-impl
CVE-2020-5408 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2015-5344 Vulnerability in maven package org.apache.camel:camel-core
CVE-2018-1000114 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds
CVE-2019-10455 Vulnerability in maven package org.jenkins-ci.plugins:icescrum