⚠ Actively exploited
Added to CISA KEV on 2024-05-23. Federal agencies required to patch by 2024-06-13. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2020-17519Files or Directories Accessible to External Parties in Apache Flink

CWE-552Files or Directories Accessible to External PartiesCWE-22Path Traversal13 documents12 sources
Severity
7.5HIGHNVD
EPSS
94.3%
top 0.05%
CISA KEV
KEV
Added 2024-05-23
Due 2024-06-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apache FlinkApache Software Foundation Apache Flink
Timeline
PublishedJan 5
KEV addedMay 23
Latest updateMay 30
KEV dueJun 13
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/flink1.11.01.11.3
CVEListV5apache_software_foundation/apache_flinkApache Flink 1.11.0 to 1.11.2

🔴Vulnerability Details

4
GHSA
Path Traversal in Apache Flink2021-01-06
OSV
Path Traversal in Apache Flink2021-01-06
CVEList
Apache Flink directory traversal attack: reading remote files through the REST API2021-01-05
VulnCheck
Apache Flink Improper Access Control Vulnerability2020

💥Exploits & PoCs

2
Exploit-DB
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)2021-01-08
Nuclei
Apache Flink - Local File Inclusion

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519)2024-05-30

📋Vendor Advisories

3
CISA
Apache Flink Improper Access Control Vulnerability2024-05-23
Red Hat
apache-flink: directory traversal attack allows reading remote files through the REST API2021-01-05
Apache
Apache flink: CVE-2020-17519

🕵️Threat Intelligence

1
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)2021-04-12
CVE-2020-17519 — Apache Flink vulnerability | cvebase