CyberSecurityBoard
Sponsor Register Login

Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords

This exposure creates a significant security risk, as compromised database credentials could lead to unauthorized data access, manipulation, or exfiltration of sensitive information stored in MongoDB databases connected to the NiFi instance. For organizations unable to upgrade immediately, implementing strict access controls for provenance data and conducting security audits to detect potential credential exposure are recommended as temporary measures. This vulnerability serves as a reminder of the importance of comprehensive security auditing across all components of data processing systems, particularly focusing on how authentication credentials are handled throughout the application lifecycle. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability stems from Apache NiFi’s improper handling of authentication credentials in its provenance event logging functionality.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 15:20:36 +0000


Cyber News related to Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
MongoDB Cyber Attack, Customer Data Exposed - MongoDB has experienced a security incident in which unauthorized access to its corporate systems was identified. The company confirmed that there was no evidence of access to any customer's system logs. MongoDB is currently investigating the ...
1 year ago Cybersecuritynews.com
Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords - This exposure creates a significant security risk, as compromised database credentials could lead to unauthorized data access, manipulation, or exfiltration of sensitive information stored in MongoDB databases connected to the NiFi instance. For ...
4 hours ago Cybersecuritynews.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
1 year ago Securityboulevard.com
The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. ADVERTISEMENT. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
1 year ago Ghacks.net
CVE-2021-32050 - Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are ...
1 year ago
MongoDB confirms customer data was exposed in a cyberattack - MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. In emails sent to MongoDB customers from CISO Lena Smart, the company says they ...
1 year ago Bleepingcomputer.com
MongoDB says customer data was exposed in a cyberattack - MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. In emails sent to MongoDB customers from CISO Lena Smart, the company says they ...
1 year ago Bleepingcomputer.com
CVE-2025-27017 - Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of ...
1 day ago
CVE-2022-33140 - The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. ...
2 years ago
CVE-2020-7922 - X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the ...
5 months ago
CVE-2024-7553 - Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of ...
5 months ago
CVE-2023-0436 - The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: ...
7 months ago
CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
CVE-2024-52067 - Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug ...
3 months ago Tenable.com
Jason's Deli Restaurant Chain Hit by a Credential Stuffing Attack - The personal information of more than 340,000 customers of popular restaurant chain Jason's Deli may have been victims of a credential stuffing attack, a scheme in which the hacker uses stolen or leaked credentials to log into other online accounts. ...
1 year ago Securityboulevard.com
MongoDB says hackers accessed corporate systems containing customer info - Hackers infiltrated the systems of billion-dollar software giant MongoDB and accessed customer information during a recent cybersecurity incident, the company said over the weekend. MongoDB is one of the largest database software companies currently ...
1 year ago Therecord.media
CVE-2024-8207 - In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended ...
6 months ago
How to use the Apple Passwords app - Help Net Security - The app’s Security section informs you if you have chosed easily guessable or reused passwords, or if that particular password has been compromised (i.e., appears in public data leaks). To edit passwords, select the “All” section and then ...
5 months ago Helpnetsecurity.com
CVE-2020-7924 - Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: ...
5 months ago
CVE-2024-10921 - An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to ...
3 months ago Tenable.com
CVE-2021-20335 - For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where ...
5 months ago
CVE-2024-1351 - Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open ...
1 year ago
In Pursuit of a Passwordless Future - Many computer users dream of a day when the industry can move past its reliance on passwords to reach a more serene future of frictionless cybersecurity. The fact is that countless remaining devices and systems have been aging and based on password ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)