Author: thenatog
Date: Wed Apr  6 18:11:49 2022
New Revision: 1899626

URL: http://svn.apache.org/viewvc?rev=1899626&view=rev
Log:
NIFI-9780 - Updated security.html with version correction and reporter github.

Modified:
    nifi/site/trunk/security.html

Modified: nifi/site/trunk/security.html
URL: 
http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1899626&r1=1899625&r2=1899626&view=diff
==============================================================================
--- nifi/site/trunk/security.html (original)
+++ nifi/site/trunk/security.html Wed Apr  6 18:11:49 2022
@@ -177,12 +177,12 @@
         <p>Severity: <strong>Medium</strong></p>
         <p>Versions Affected:</p>
         <ul>
-            <li>Apache NiFi 1.14.0 - 1.15.1</li>
+            <li>Apache NiFi 1.14.0 - 1.15.3</li>
         </ul>
         </p>
         <p>Description: When creating or updating credentials for single-user 
access, NiFi wrote a copy of the Login Identity Providers configuration to the 
operating system temporary directory. On most platforms, the operating system 
temporary directory has global read permissions. NiFi immediately moved the 
temporary file to the final configuration directory, which significantly 
limited the window of opportunity for access.</p>
         <p>Mitigation: NiFi 1.16.0 includes updates to replace the Login 
Identity Providers configuration without writing a file to the operating system 
temporary directory.</p>
-        <p>Credit: This issue was discovered by Jonathan Leitschuh 
(https://twitter.com/jlleitschuh).</p>
+        <p>Credit: This issue was discovered by Jonathan Leitschuh 
(https://twitter.com/jlleitschuh). Report available here: <a 
href="https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq";
 target="_blank">JLLeitschuh Github</a></p>
         <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26850"; 
target="_blank">Mitre Database: CVE-2022-26850</a></p>
         <p>NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-9785"; 
target="_blank">NIFI-9785</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/5856"; 
target="_blank">PR 5856</a></p>
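
Review bot: In the added Credit line, the new advisory anchor uses target="_blank" without rel="noopener noreferrer". Because it points to a third-party page, add the rel attribute; the existing CVE, Jira and PR anchors in the context lines have the same gap and could be fixed in the same pass. Two smaller points on the same line: the link text "JLLeitschuh Github" would normally be spelled "GitHub", and the Twitter URL is left as plain text while the advisory is a real anchor, so consider linking both consistently. The unchanged context also keeps a stray </p> directly after the closing </ul> of the "Versions Affected" list, which is worth removing while this entry is being edited.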

