Known vulnerabilities in Apache Foundation Apache Nifi 1.15.2

Known vulnerabilities in Apache Foundation Apache Nifi 1.15.2

Vendor: Apache Foundation

Website: https://www.apache.org

Total Security Bulletins: 10

Security bulletins (10)

Secuity bulletin	Severity	Status	Published
SB2025032715: MongoDB credentials disclosure in Apache NiFi	Low	Patched	27.03.2025
SB2024122803: Missing authorization in Apache NiFi	Low	Patched Public exploit	28.12.2024
SB2024102861: Stored XSS in Apache NiFi	Low	Patched	28.10.2024
SB2024071080: Stored cross-site scripting in Apache Nifi	Low	Patched	10.07.2024
SB2023112854: Cross-site scripting in Apache NiFi	Low	Patched	28.11.2023
SB2023080112: Privilege escalation in Apache NiFi	Low	Patched	01.08.2023
SB2023061353: Multiple vulnerabilities in Apache Nifi	Medium	Patched Public exploit	13.06.2023
SB2023021012: XXE in Apache NiFi	High	Patched	10.02.2023
SB2022061530: OS Command Injection in Apache NiFi	Medium	Patched	15.06.2022
SB2022041116: Unprotected storage of credentials in Apache NiFi	Low	Patched	11.04.2022