Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2020-17519

Disclosure Date: January 05, 2021 •

CVE-2020-17519 CVSS v3 Base Score: 7.5

Exploited in the Wild

Reported by inokii
View Source Details

Description

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

apache

Products

flink

Metasploit Modules

auxiliary/scanner/http/apache_flink_jobmanager_traversal (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_flink_jobmanager_traversal.rb)

Exploited in the Wild

Reported by:

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog)

Reported: June 06, 2024 3:53pm UTC (4 months ago)

References

Canonical

CVE-2020-17519 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17519)

Advisory

[flink-user] 20210105 [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API (https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E)

[flink-dev] 20210105 [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API (https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E)

[announce] 20210105 [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API (https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cannounce.apache.org%3E)

[oss-security] 20210105 [CVE-2020-17519] Apache Flink directory traversal attack: reading remote files through the REST API (http://www.openwall.com/lists/oss-security/2021/01/05/2)

[flink-issues] 20210106 [GitHub] [flink-web] zentol commented on a change in pull request #408: Add security page for Flink (https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E)

[flink-issues] 20210110 [jira] [Updated] (FLINK-20916) Typo in test for CVE-2020-17519 (https://lists.apache.org/thread.html/r2fc60b30557e4a537c2a6293023049bd1c49fd92b518309aa85a0398@%3Cissues.flink.apache.org%3E)

[flink-dev] 20210110 [jira] [Created] (FLINK-20916) Typo in test for CVE-2020-17519 (https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2@%3Cdev.flink.apache.org%3E)

[flink-issues] 20210110 [jira] [Created] (FLINK-20916) Typo in test for CVE-2020-17519 (https://lists.apache.org/thread.html/r0a433be10676f4fe97ca423d08f914e0ead341c901216f292d2bbe83@%3Cissues.flink.apache.org%3E)

[flink-issues] 20210111 [jira] [Assigned] (FLINK-20916) Typo in test for CVE-2020-17519 (https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1@%3Cissues.flink.apache.org%3E)

[flink-issues] 20210111 [jira] [Commented] (FLINK-20916) Typo in test for CVE-2020-17519 (https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d@%3Cissues.flink.apache.org%3E)

[flink-dev] 20210113 Re: [DISCUSS] Releasing Apache Flink 1.10.3 (https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2a38d1ce28fd89001f@%3Cdev.flink.apache.org%3E)

[flink-dev] 20210115 Re: [DISCUSS] Releasing Apache Flink 1.10.3 (https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1@%3Cdev.flink.apache.org%3E)

[announce] 20210125 Apache Software Foundation Security Report: 2020 (https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E)

[announce] 20210223 Re: Apache Software Foundation Security Report: 2020 (https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E)

Miscellaneous

https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E

http://packetstormsecurity.com/files/160849/Apache-Flink-1.11.0-Arbitrary-File-Read-Directory-Traversal.html

https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E

Rapid7

Technical Analysis