Origin Validation Error
CVE-2017-7667
Summary
Apache NiFi versions through 0.7.3, and 1.0.0-BETA through 1.2.0 are vulnerable to Origin Validation Error, which needs to establish the response header telling browsers to only allow framing with the same origin.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.
References
Advisory Timeline
- Published