CVE-2019-12421 — HIGH (8.8)

Q: How severe is CVE-2019-12421?

CVE-2019-12421 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-12421?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Nifi.

Vulnerability Description

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Nifi	>= 1.0.0, <= 1.9.2

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2019-12421?

CVE-2019-12421 is a vulnerability with a CVSS score of 8.8 (HIGH). When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server ...

How severe is CVE-2019-12421?

CVE-2019-12421 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12421?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Nifi.