CVE-2020-9491: Inadequate Encryption Strength

October 1, 2020 (updated July 21, 2021)

In Apache NiFi, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

References

nifi.apache.org/security
nvd.nist.gov/vuln/detail/CVE-2020-9491

Code Behaviors & Features

Detect and mitigate CVE-2020-9491 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →