
Vulnerability Details CVE-2020-17519

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
Exploit Prediction Scoring System (EPSS) score
  • EPSS Score: 0.944
  • EPSS Ranking: 100.0%
CVSS Severity
  • CVSS v3 Score: 7.5
  • CVSS v2 Score: 5.0
Proposed Action
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
Ransomware Campaign
Unknown
References
Products affected by CVE-2020-17519
  • Apache » Flink » Version: 1.11.0
    cpe:2.3:a:apache:flink:1.11.0
  • Apache » Flink » Version: 1.11.1
    cpe:2.3:a:apache:flink:1.11.1
  • Apache » Flink » Version: 1.11.2
    cpe:2.3:a:apache:flink:1.11.2


Shodan ® - All rights reserved