[nifi-site] branch main updated: NIFI-9780 - Updated security.html with version correction and reporter github.

Wed, 06 Apr 2022 11:08:09 -0700 

This is an automated email from the ASF dual-hosted git repository.

thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 04479c3  NIFI-9780 - Updated security.html with version correction and 
reporter github.
04479c3 is described below

commit 04479c3faa63fb0c56fa98377c868fd0403224fd
Author: Nathan Gough <[email protected]>
AuthorDate: Wed Apr 6 13:55:47 2022 -0400

    NIFI-9780 - Updated security.html with version correction and reporter 
github.
---
 src/pages/html/security.hbs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index bcacf0d..0f5ee58 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -71,12 +71,12 @@ title: Apache NiFi Security Reports
         <p>Severity: <strong>Medium</strong></p>
         <p>Versions Affected:</p>
         <ul>
-            <li>Apache NiFi 1.14.0 - 1.15.1</li>
+            <li>Apache NiFi 1.14.0 - 1.15.3</li>
         </ul>
         </p>
         <p>Description: When creating or updating credentials for single-user 
access, NiFi wrote a copy of the Login Identity Providers configuration to the 
operating system temporary directory. On most platforms, the operating system 
temporary directory has global read permissions. NiFi immediately moved the 
temporary file to the final configuration directory, which significantly 
limited the window of opportunity for access.</p>
         <p>Mitigation: NiFi 1.16.0 includes updates to replace the Login 
Identity Providers configuration without writing a file to the operating system 
temporary directory.</p>
-        <p>Credit: This issue was discovered by Jonathan Leitschuh 
(https://twitter.com/jlleitschuh).</p>
+        <p>Credit: This issue was discovered by Jonathan Leitschuh 
(https://twitter.com/jlleitschuh). Report available here: <a 
href="https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq";
 target="_blank">JLLeitschuh Github</a></p>
         <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26850"; 
target="_blank">Mitre Database: CVE-2022-26850</a></p>
         <p>NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-9785"; 
target="_blank">NIFI-9785</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/5856"; 
target="_blank">PR 5856</a></p>

Reply via email to