CVE-2020-17519
Description
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
CVSS Version 3.1
CVE ID: CVE-2020-17519
Base Score: 7.5
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
CVSS Version 3.1
CVE ID: CVE-2020-17519
Base Score: 9.1
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
CVSS Version 2.0
CVE ID: CVE-2020-17519
Base Score: 5.0
Base Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-17519
Reference: Project Discovery GitHub
B1anda0
Apache Flink directory traversal vulnerability batch detection (CVE-2020-17519)
Reference: GitHub
QmF0c3UK
Reference: GitHub
dolevf
Apache Flink Directory Traversal (CVE-2020-17519) Nmap NSE Script
Reference: GitHub
hoanx4
CVE-2020-17519
Reference: GitHub
murataydemir
[CVE-2020-17519] Apache Flink RESTful API Arbitrary File Read
Reference: GitHub
radbsie
CVE-2020-17519 EXP
Reference: GitHub
yaunsky
CVE-2020-17519; Apache Flink arbitrary file read; batch detection
Reference: GitHub
Osyanina
A vulnerability scanner that detects CVE-2020-17519 vulnerabilities.
Reference: GitHub
givemefivw
CVE-2020-17519 Cheetah
Reference: GitHub
MrCl0wnLab
Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
Reference: GitHub
zhangweijie11
Reference: GitHub