What is the severity of CVE-2018-17192?

CVE-2018-17192 has a severity keyword of 'medium' with a severity value of 6.5.

How does CVE-2018-17192 impact Apache NiFi?

CVE-2018-17192 affects Apache NiFi versions 1.0.0 to 1.6.0, where the X-Frame-Options headers were inconsistently applied, potentially allowing clickjacking attacks.

How can I mitigate CVE-2018-17192?

To mitigate CVE-2018-17192, you should update your Apache NiFi software to a version that consistently applies the X-Frame-Options security headers.

Where can I find more information about CVE-2018-17192?

You can find more information about CVE-2018-17192 at the following reference: https://nifi.apache.org/security.html#CVE-2018-17192

Vulnerability/
CVE-2018-17192

medium

6.5

CWE

1021

19/12/2018

20/12/2018

5/8/2024

CVE-2018-17192

Q: What is CVE-2018-17192?

CVE-2018-17192 is a vulnerability where the X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers.

First published: Wed Dec 19 2018(Updated: )

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache NiFi	>=1.0.0<=1.6.0
maven/org.apache.nifi:nifi	>=1.0.0<=1.6.0	1.8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-17192?
CVE-2018-17192 is a vulnerability where the X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers.
What is the severity of CVE-2018-17192?
CVE-2018-17192 has a severity keyword of 'medium' with a severity value of 6.5.
How does CVE-2018-17192 impact Apache NiFi?
CVE-2018-17192 affects Apache NiFi versions 1.0.0 to 1.6.0, where the X-Frame-Options headers were inconsistently applied, potentially allowing clickjacking attacks.
How can I mitigate CVE-2018-17192?
To mitigate CVE-2018-17192, you should update your Apache NiFi software to a version that consistently applies the X-Frame-Options security headers.
Where can I find more information about CVE-2018-17192?
You can find more information about CVE-2018-17192 at the following reference: https://nifi.apache.org/security.html#CVE-2018-17192

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-2xpp-75vr-22vq
alias/CVE-2018-17192
agent/software-canonical-lookup
agent/weakness
agent/softwarecombine
agent/references
agent/description
agent/severity
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/maven
vendor/apache
canonical/apache nifi
version/apache nifi/1.0.0
version/apache nifi/1.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.