CVE-2020-9482 vulnerability in Apache Products
Published on April 28, 2020
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
Affected Versions
Apache NiFi Registry versions 0.1.0 to 0.5.0 are affected by CVE-2020-9482.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.