Description
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Remediation
References
https://nifi.apache.org/security.html#CVE-2017-5635
http://www.securityfocus.com/bid/96730
Related Vulnerabilities
CVE-2022-22984 Vulnerability in npm package snyk-gradle-plugin
CVE-2021-43307 Vulnerability in maven package org.webjars.npm:semver-regex
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.13
CVE-2021-34801 Vulnerability in npm package valine
CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui