Homepage
About Snyk

Clickjacking Affecting org.apache.nifi:nifi-jetty-bundle package, versions [,1.8.0)

Severity

 Recommended
0.0
low
0
10

    Threat Intelligence

    EPSS
    0.26% (66th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHENIFI-480417
  • published 20 Dec 2018
  • disclosed 19 Dec 2018
  • credit Suchithra V N
Report a new vulnerability Found a mistake?

Introduced: 19 Dec 2018

CVE-2018-17192 Open this link in a new tab
CWE-451 Open this link in a new tab

How to fix?

Upgrade org.apache.nifi:nifi-jetty-bundle to version 1.8.0 or higher.

Overview

org.apache.nifi:nifi-jetty-bundle is a Jetty bundle for Nifi

Affected versions of this package are vulnerable to Clickjacking. The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

CVSS Scores

version 3.1
Expand this section

Snyk

3.7 low
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

6.5 medium