In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-04T10:26:16.409Z
Reserved: 2020-03-01T00:00:00
Link: CVE-2020-9491

No data.

Status : Modified
Published: 2020-10-01T20:15:14.330
Modified: 2024-11-21T05:40:45.750
Link: CVE-2020-9491

No data.

No data.