CVE-2025-27017

MEDIUM Year: 2025
Weakness Type
CWE-538
View all →

Vulnerability Description

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.

Related Vulnerabilities

CVE-2024-22433

CRITICAL
CVSS:9.8(Critical)

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker co...

CWE-5382024

CVE-2019-15793

HIGH
CVSS:8.8(High)

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lo...

CWE-5382019

CVE-2021-40363

HIGH
CVSS:7.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions <...

CWE-5382021

CVE-2022-4318

HIGH
CVSS:7.8(High)

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CWE-5382022

CVE-2016-10399

HIGH
CVSS:7.5(High)

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted U...

CWE-5382016

CVE-2019-6851

HIGH
CVSS:7.5(High)

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of in...

CWE-5382019