Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
Type maven
Namespace org.apache.nifi
Name nifi-single-user-utils
Version 1.16.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dmw5-6pw6-j3d6
vulnerability_id VCID-dmw5-6pw6-j3d6
summary
Insufficiently Protected Credentials
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26850
reference_id
reference_type
scores
0
value 0.01879
scoring_system epss
scoring_elements 0.83101
published_at 2026-04-04T12:55:00Z
1
value 0.01879
scoring_system epss
scoring_elements 0.83179
published_at 2026-04-21T12:55:00Z
2
value 0.01879
scoring_system epss
scoring_elements 0.83176
published_at 2026-04-18T12:55:00Z
3
value 0.01879
scoring_system epss
scoring_elements 0.83138
published_at 2026-04-13T12:55:00Z
4
value 0.01879
scoring_system epss
scoring_elements 0.83148
published_at 2026-04-11T12:55:00Z
5
value 0.01879
scoring_system epss
scoring_elements 0.83131
published_at 2026-04-09T12:55:00Z
6
value 0.01879
scoring_system epss
scoring_elements 0.83124
published_at 2026-04-08T12:55:00Z
7
value 0.01879
scoring_system epss
scoring_elements 0.83099
published_at 2026-04-07T12:55:00Z
8
value 0.01879
scoring_system epss
scoring_elements 0.83088
published_at 2026-04-02T12:55:00Z
9
value 0.01879
scoring_system epss
scoring_elements 0.83142
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26850
1
reference_url https://github.com/apache/nifi/commit/859d5fe
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/859d5fe
2
reference_url https://github.com/apache/nifi/commit/859d5fe8cfe05ad24600b021f0ebf15753a8105c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/859d5fe8cfe05ad24600b021f0ebf15753a8105c
3
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq
4
reference_url https://nifi.apache.org/security.html#CVE-2022-26850
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-26850
5
reference_url http://www.openwall.com/lists/oss-security/2022/04/06/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/06/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26850
reference_id CVE-2022-26850
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26850
7
reference_url https://github.com/advisories/GHSA-rvp4-r3g6-8hxq
reference_id GHSA-rvp4-r3g6-8hxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvp4-r3g6-8hxq
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16
1
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
aliases CVE-2022-26850, GHSA-rvp4-r3g6-8hxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmw5-6pw6-j3d6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0