<p>Upgrade <code>org.apache.nifi:nifi-bootstrap</code> to version 1.12.0 or higher.</p>

Insecure Encryption Affecting org.apache.nifi:nifi-bootstrap package, versions [1.2.0, 1.12.0)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.18% (55^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGAPACHENIFI-1015376
published 2 Oct 2020
disclosed 2 Oct 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 2 Oct 2020

CVE-2020-9491 Open this link in a new tab CWE-326 Open this link in a new tab

How to fix?

Upgrade org.apache.nifi:nifi-bootstrap to version 1.12.0 or higher.

Overview

org.apache.nifi:nifi-bootstrap is an easy to use, powerful, and reliable system to process and distribute data.

Affected versions of this package are vulnerable to Insecure Encryption. The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.