CVE-2024-52067: Sensitive Data Exposed in Apache NiFi Debug Logs
A newly identified vulnerability in Apache NiFi, CVE-2024-52067, can expose sensitive data through debug logs in versions 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4. The issue stems from an optional debug logging feature that writes parameter names and values to the log if administrators adjust logging levels. Deployments using the default Logback configuration are unaffected, but custom configurations are at risk. To mitigate this, users should upgrade to version 2.0.0 or 1.28.1, which resolve the problem by no longer logging parameter values during flow synchronization. The vulnerability highlights the importance of careful logging configuration and timely updates to maintain data security.
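An added audit example, not code from the advisory or the NiFi project: it checks a NiFi version against the affected ranges above and lists Logback loggers set to DEBUG or finer. The page does not name the logger involved, so the check conservatively flags any such logger covering NiFi's `org.apache.nifi` package namespace; the function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NIFI_PKG = "org.apache.nifi"          # NiFi's Java package namespace
VERBOSE = {"DEBUG", "TRACE", "ALL"}   # Logback levels at DEBUG or finer

# Constructed sample config, not taken from a real deployment.
SAMPLE_LOGBACK = """<configuration>
  <logger name="org.apache.nifi" level="INFO"/>
  <logger name="org.apache.nifi.controller" level="debug"/>
  <logger name="org.apache.zookeeper" level="DEBUG"/>
  <root level="INFO"/>
</configuration>"""

def is_affected(version):
    """True for 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4, the ranges given above."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    release = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4) is not None:                       # milestone build
        return release == (2, 0, 0) and 1 <= int(m.group(4)) <= 4
    return (1, 16, 0) <= release <= (1, 28, 0)

def verbose_nifi_loggers(logback_xml):
    """Return (logger, level) pairs set to DEBUG or finer that cover NiFi classes."""
    findings = []
    for el in ET.fromstring(logback_xml).iter():
        if el.tag == "root":
            name = "ROOT"
        elif el.tag == "logger":
            name = el.get("name", "")
        else:
            continue
        level = (el.get("level") or "").upper()      # Logback levels are case-insensitive
        # Conservative: flag ROOT, ancestors of org.apache.nifi, and anything below it.
        covers = (name == "ROOT" or (NIFI_PKG + ".").startswith(name + ".")
                  or name.startswith(NIFI_PKG + "."))
        if covers and level in VERBOSE:
            findings.append((name, level))
    return findings

def exposure_risk(version, logback_xml):
    """Verbose loggers matter only on an affected release; fixed releases return []."""
    return verbose_nifi_loggers(logback_xml) if is_affected(version) else []

if __name__ == "__main__":
    print(exposure_risk("1.27.0", SAMPLE_LOGBACK))
```

A flagged ROOT or ancestor logger may be overridden by a more specific logger at a higher level, so treat each finding as a prompt to review the effective level rather than as proof of exposure.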