Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dmw5-6pw6-j3d6
Summary
Insufficiently Protected Credentials
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
Aliases
0
alias CVE-2022-26850
1
alias GHSA-rvp4-r3g6-8hxq
Fixed_packages
0
url pkg:maven/org.apache.nifi/nifi@1.16.0
purl pkg:maven/org.apache.nifi/nifi@1.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-g74u-zmqj-gyb7
4
vulnerability VCID-hy35-v2p5-2ycq
5
vulnerability VCID-rv8f-q4a4-xqbk
6
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.16.0
1
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.16.0
Affected_packages
0
url pkg:maven/org.apache.nifi/nifi@1.14.0
purl pkg:maven/org.apache.nifi/nifi@1.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rn4r-36ab-sfey
7
vulnerability VCID-rv8f-q4a4-xqbk
8
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.14.0
1
url pkg:maven/org.apache.nifi/nifi@1.15.0
purl pkg:maven/org.apache.nifi/nifi@1.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rn4r-36ab-sfey
7
vulnerability VCID-rv8f-q4a4-xqbk
8
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.0
2
url pkg:maven/org.apache.nifi/nifi@1.15.1
purl pkg:maven/org.apache.nifi/nifi@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.1
3
url pkg:maven/org.apache.nifi/nifi@1.15.2
purl pkg:maven/org.apache.nifi/nifi@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.2
4
url pkg:maven/org.apache.nifi/nifi@1.15.3
purl pkg:maven/org.apache.nifi/nifi@1.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eka-p4cs-f3dz
1
vulnerability VCID-4uja-72yx-6qdc
2
vulnerability VCID-bpqd-tx8f-kycf
3
vulnerability VCID-dmw5-6pw6-j3d6
4
vulnerability VCID-g74u-zmqj-gyb7
5
vulnerability VCID-hy35-v2p5-2ycq
6
vulnerability VCID-rv8f-q4a4-xqbk
7
vulnerability VCID-xhjy-xmhq-abh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi@1.15.3
5
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.14.0
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmw5-6pw6-j3d6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.14.0
6
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.0
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmw5-6pw6-j3d6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.0
7
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.1
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmw5-6pw6-j3d6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.1
8
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.2
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmw5-6pw6-j3d6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.2
9
url pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.3
purl pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dmw5-6pw6-j3d6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-single-user-utils@1.15.3
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26850
reference_id
reference_type
scores
0
value 0.01879
scoring_system epss
scoring_elements 0.83101
published_at 2026-04-04T12:55:00Z
1
value 0.01879
scoring_system epss
scoring_elements 0.83179
published_at 2026-04-21T12:55:00Z
2
value 0.01879
scoring_system epss
scoring_elements 0.83176
published_at 2026-04-18T12:55:00Z
3
value 0.01879
scoring_system epss
scoring_elements 0.83138
published_at 2026-04-13T12:55:00Z
4
value 0.01879
scoring_system epss
scoring_elements 0.83148
published_at 2026-04-11T12:55:00Z
5
value 0.01879
scoring_system epss
scoring_elements 0.83131
published_at 2026-04-09T12:55:00Z
6
value 0.01879
scoring_system epss
scoring_elements 0.83124
published_at 2026-04-08T12:55:00Z
7
value 0.01879
scoring_system epss
scoring_elements 0.83099
published_at 2026-04-07T12:55:00Z
8
value 0.01879
scoring_system epss
scoring_elements 0.83088
published_at 2026-04-02T12:55:00Z
9
value 0.01879
scoring_system epss
scoring_elements 0.83142
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26850
1
reference_url https://github.com/apache/nifi/commit/859d5fe
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/859d5fe
2
reference_url https://github.com/apache/nifi/commit/859d5fe8cfe05ad24600b021f0ebf15753a8105c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/859d5fe8cfe05ad24600b021f0ebf15753a8105c
3
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq
4
reference_url https://nifi.apache.org/security.html#CVE-2022-26850
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nifi.apache.org/security.html#CVE-2022-26850
5
reference_url http://www.openwall.com/lists/oss-security/2022/04/06/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/06/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26850
reference_id CVE-2022-26850
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26850
7
reference_url https://github.com/advisories/GHSA-rvp4-r3g6-8hxq
reference_id GHSA-rvp4-r3g6-8hxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvp4-r3g6-8hxq
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 668
name Exposure of Resource to Wrong Sphere
description The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 522
name Insufficiently Protected Credentials
description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmw5-6pw6-j3d6