漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficiently protected credentials
Vulnerability Description
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache NiFi 安全漏洞
Vulnerability Description
Apache NiFi是美国阿帕奇(Apache)基金会的一套数据处理和分发系统。该系统主要用于数据路由、转换和系统中介逻辑。 Apache NiFi存在安全漏洞,该漏洞源于在为单用户访问创建或更新凭据时,Apache NiFi将登录标识提供程序配置的副本写入操作系统的临时目录。在大多数平台上,操作系统的临时目录具有全局读取权限。Apache NiFi 1.16.0版本包含更新,以替换登录标识提供程序配置,而无需将文件写入操作系统临时目录。
CVSS Information
N/A
Vulnerability Type
N/A