Insecure Encryption Affecting org.apache.nifi:nifi-bootstrap Open this link in a new tab package, versions [1.2.0, 1.12.0)


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHENIFI-1015376

  • published

    2 Oct 2020

  • disclosed

    2 Oct 2020

  • credit

    Unknown

How to fix?

Upgrade org.apache.nifi:nifi-bootstrap to version 1.12.0 or higher.

Overview

org.apache.nifi:nifi-bootstrap is an easy to use, powerful, and reliable system to process and distribute data.

Affected versions of this package are vulnerable to Insecure Encryption. The NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.