Identity Leakage in Apache NiFi Cluster Environment

Identity Leakage in Apache NiFi Cluster Environment

CVE-2017-5635 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

Learn more about our Cis Benchmark Audit For Apache Http Server.