Vulnerability Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nifi | <= 0.7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99009Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac
- http://www.securityfocus.com/bid/99009Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac
FAQ
What is CVE-2017-7665?
CVE-2017-7665 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
How severe is CVE-2017-7665?
CVE-2017-7665 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7665?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Nifi.