Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.18.0
Description
Not sure it's bug, but security breach. With expression language i can view content of sensitive parameter from parameter context. For example:
- Create parameter context with sensitive parameter
- Create variable with name of this sensitive parameter #{sample}
- Create simple flow with EL expression: ${secret:evaluateELString()}
- Content of this flowfile will contain sensitive value from parameter
I suppose evaluateELString shouldn't access to sensitive parameters.
Attachments
Attachments
Issue Links
- causes
-
NIFI-11763 evaluateELString not evaluating ContextParameters
- Resolved
- links to