Posted to commits@nifi.apache.org by th...@apache.org on 2022/04/06 18:08:02 UTC

[nifi-site] branch main updated: NIFI-9780 - Updated security.html with version correction and reporter github.

This is an automated email from the ASF dual-hosted git repository.

thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 04479c3  NIFI-9780 - Updated security.html with version correction and reporter github.
04479c3 is described below

commit 04479c3faa63fb0c56fa98377c868fd0403224fd
Author: Nathan Gough <th...@gmail.com>
AuthorDate: Wed Apr 6 13:55:47 2022 -0400

    NIFI-9780 - Updated security.html with version correction and reporter github.
---
 src/pages/html/security.hbs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index bcacf0d..0f5ee58 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -71,12 +71,12 @@ title: Apache NiFi Security Reports
         <p>Severity: <strong>Medium</strong></p>
         <p>Versions Affected:</p>
         <ul>
-            <li>Apache NiFi 1.14.0 - 1.15.1</li>
+            <li>Apache NiFi 1.14.0 - 1.15.3</li>
         </ul>
         </p>
         <p>Description: When creating or updating credentials for single-user access, NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access.</p>
         <p>Mitigation: NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.</p>
-        <p>Credit: This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh).</p>
+        <p>Credit: This issue was discovered by Jonathan Leitschuh (https://twitter.com/jlleitschuh). Report available here: <a href="https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq" target="_blank">JLLeitschuh Github</a></p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26850" target="_blank">Mitre Database: CVE-2022-26850</a></p>
         <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-9785" target="_blank">NIFI-9785</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/5856" target="_blank">PR 5856</a></p>
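Review bot: In the added Credit line, the new advisory anchor uses target="_blank" with no rel attribute; add rel="noopener noreferrer" so the opened page gets no window.opener reference, and consider doing the same for the CVE, Jira and PR links in the unchanged lines below it, which follow the same pattern. The link text "JLLeitschuh Github" would read better as the advisory identifier from the URL (GHSA-rvp4-r3g6-8hxq), with "GitHub" capitalized, and the Twitter URL in the same paragraph is still plain text while the report is a clickable link. The version change to "1.14.0 - 1.15.3" agrees with the Mitigation paragraph naming 1.16.0 as the fixed release. Separately, the context shows a stray </p> directly after the closing </ul>, since the "Versions Affected:" paragraph is already closed on its own line; it could be removed while this block is being edited.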