Posted to commits@nifi.apache.org by al...@apache.org on 2020/10/01 14:04:53 UTC

[nifi-site] branch main updated: Added credit for CVE reporter.

This is an automated email from the ASF dual-hosted git repository.

alopresto pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 7ecb4d5  Added credit for CVE reporter.
7ecb4d5 is described below

commit 7ecb4d5ff24e793fe247b12939e017ca20fbdfbf
Author: Andy LoPresto <al...@apache.org>
AuthorDate: Thu Oct 1 07:04:16 2020 -0700

    Added credit for CVE reporter.
---
 src/pages/html/security.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index c25220e..f96af8c 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -92,7 +92,7 @@ title: Apache NiFi Security Reports
         </p>
         <p>Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. </p>
         <p>Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. </p>
-        <p>Credit: This issue was discovered by an anonymous community member. </p>
+        <p>Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487" target="_blank">Mitre Database: CVE-2020-9487</a></p>
         <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-7385" target="_blank">NIFI-7385</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/4271" target="_blank">PR 4271</a></p>
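
Review bot: The added Credit line is only tied to a specific advisory by the unchanged context below it (CVE-2020-9487, NIFI-7385, PR 4271). The commit subject "Added credit for CVE reporter." does not say which report on the security page was amended. Since the hunk header shows this file is the full "Apache NiFi Security Reports" page, consider naming the entry in the subject, for example "Added credit for CVE-2020-9487 reporter (NIFI-7385)", so the attribution change can be found from the history without opening the diff. Minor style point on the same line: the stray space before the closing </p> is carried over from the removed line. It matches the neighbouring Description and Mitigation paragraphs, so either leave it for consistency or clean up all three in a separate commit.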