How severe is CVE-2024-52067?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-52067?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-52067

MEDIUM Year: 2024

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-532

View all →

Vulnerability Description

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration.

CVE-2017-16946

MEDIUM

CVSS:4.9(Medium)

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

CWE-5322017

CVE-2019-0380

MEDIUM

CVSS:4.9(Medium)

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Dis...

CWE-5322019

CVE-2019-19150

MEDIUM

CVSS:4.9(Medium)

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached t...

CWE-5322019

CVE-2019-1961

MEDIUM

CVSS:4.9(Medium)

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected dev...

CWE-5322019

CVE-2020-7021

MEDIUM

CVSS:4.9(Medium)

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive...

CWE-5322020

CVE-2021-22219

MEDIUM

CVSS:4.9(Medium)

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtai...

CWE-5322021

CVE-2024-52067

Vulnerability Description

Related Vulnerabilities

CVE-2017-16946

CVE-2019-0380

CVE-2019-19150

CVE-2019-1961

CVE-2020-7021

CVE-2021-22219