Vulnerability Description
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFi instance uses.
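The standard hardening against the external-call behaviour described above is to refuse DOCTYPE declarations and external entities in the parser that reads the lookup file. The following is an added example, not NiFi's own code: it assumes a plain JAXP DocumentBuilder (the real service may use a different XML library), and the sample lookup XML and the `placeholder.invalid` URL in it are constructed.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

public class HardenedLookupXmlParser {
    // Constructed sample lookup file: it declares an external entity. A parser left on
    // default settings would attempt to resolve the SYSTEM reference over the network.
    static final String CONSTRUCTED_XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE properties [<!ENTITY ext SYSTEM \"http://placeholder.invalid/x\">]>\n"
      + "<properties><property key=\"k\">&ext;</property></properties>";

    // Parser configured against XXE: DTDs are rejected outright, and external
    // general/parameter entities and external DTD loading are switched off as well.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = CONSTRUCTED_XML.getBytes(StandardCharsets.UTF_8);
        try {
            hardenedBuilder().parse(new ByteArrayInputStream(bytes));
            System.out.println("parsed (unexpected with a hardened parser)");
        } catch (org.xml.sax.SAXParseException e) {
            // Expected path: the DOCTYPE is rejected before any entity can be resolved,
            // so no outbound request is ever made.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A lookup file that carries no DOCTYPE parses normally with the same builder, so the hardening does not affect ordinary key/value lookup files.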
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | NiFi | >= 1.3.0, <= 1.9.2 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b
- https://nifi.apache.org/security.html#CVE-2019-10080 (Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html
FAQ
What is CVE-2019-10080?
CVE-2019-10080 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFi instance uses.
How severe is CVE-2019-10080?
CVE-2019-10080 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2019-10080?
Check the references section above for vendor advisories and patch information. Affected products include: Apache NiFi.