{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T16:54:33.792","vulnerabilities":[{"cve":{"id":"CVE-2020-9487","sourceIdentifier":"security@apache.org","published":"2020-10-01T20:15:14.253","lastModified":"2024-11-21T05:40:44.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens."},{"lang":"es","value":"En Apache NiFi versiones 1.0.0 hasta 1.11.4, el mecanismo del token de descarga de NiFi (contraseña de un solo uso) usaba un tamaño de caché fijo y no autenticaba una petición para crear un token de descarga, solo cuando se intentaba usar el token para acceder al contenido. Un usuario no autenticado podría solicitar tokens de descarga de forma repetida, impidiendo que los usuarios legítimos soliciten tokens de descarga"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.11.4","matchCriteriaId":"43022122-9397-48D7-BD86-925042103633"}]}]}],"references":[{"url":"https://nifi.apache.org/security#CVE-2020-9487","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://nifi.apache.org/security#CVE-2020-9487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}