Known Vulnerabilities for Nifi by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Nifi" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25903 | Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that... | Not Provided | 2026-02-17 | 2026-02-17 |
| CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and ... | 8.1 - HIGH | 2021-01-19 | 2023-11-07 |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing ... | 5.3 - MEDIUM | 2021-02-26 | 2023-11-07 |
| CVE-2020-13940 | In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider object... | 5.5 - MEDIUM | 2020-10-01 | 2020-10-05 |
| CVE-2020-9491 | In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections es... | 7.5 - HIGH | 2020-10-01 | 2023-11-07 |
| CVE-2020-9487 | In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not aut... | 7.5 - HIGH | 2020-10-01 | 2020-10-05 |
| CVE-2020-9486 | In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property va... | 7.5 - HIGH | 2020-10-01 | 2020-10-05 |
| CVE-2020-1942 | In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property de... | 7.5 - HIGH | 2020-02-11 | 2021-07-21 |
| CVE-2020-1933 | A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by... | 6.1 - MEDIUM | 2020-01-28 | 2020-01-29 |
| CVE-2020-1928 | An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed valu... | 5.3 - MEDIUM | 2020-01-28 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Nifi | 1.9.2 | All | All | All |
| Application | Apache | Nifi | 1.9.2 | - | All | All |
| Application | Apache | Nifi | 1.9.2 | rc1 | All | All |
| Application | Apache | Nifi | 1.9.2 | rc2 | All | All |
| Application | Apache | Nifi | 1.9.1 | - | All | All |
| Application | Apache | Nifi | 1.9.1 | rc1 | All | All |
| Application | Apache | Nifi | 1.9.0 | - | All | All |
| Application | Apache | Nifi | 1.9.0 | rc1 | All | All |
| Application | Apache | Nifi | 1.9.0 | rc2 | All | All |
| Application | Apache | Nifi | 1.8.0 | All | All | All |
| Application | Apache | Nifi | 1.8.0 | - | All | All |
| Application | Apache | Nifi | 1.8.0 | rc1 | All | All |
| Application | Apache | Nifi | 1.8.0 | rc2 | All | All |
| Application | Apache | Nifi | 1.8.0 | rc3 | All | All |
| Application | Apache | Nifi | 1.7.1 | All | All | All |
| Application | Apache | Nifi | 1.7.1 | - | All | All |
| Application | Apache | Nifi | 1.7.1 | rc1 | All | All |
| Application | Apache | Nifi | 1.7.0 | All | All | All |
| Application | Apache | Nifi | 1.7.0 | - | All | All |
| Application | Apache | Nifi | 1.7.0 | rc1 | All | All |