CVE-2025-27017

12 Mar 2025

Título es
CVE-2025-27017

Mié, 12/03/2025 – 17:15

Tipo
CWE-538

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27017

Descripción en
Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.

12/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:L/U:Green

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://lists.apache.org/thread/d4n5474jkhp82dvnht13pjtlfx7bhn5q

http://www.openwall.com/lists/oss-security/2025/03/11/1

Enviar en el boletín
Off