A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
References
Configurations
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
17 Mar 2021, 16:40
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E - Exploit, Mailing List, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E - Mailing List, Vendor Advisory |
02 Mar 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Feb 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2021, 17:08
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2@%3Cdev.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/160849/Apache-Flink-1.11.0-Arbitrary-File-Read-Directory-Traversal.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.apache.org/thread.html/r0a433be10676f4fe97ca423d08f914e0ead341c901216f292d2bbe83@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2fc60b30557e4a537c2a6293023049bd1c49fd92b518309aa85a0398@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1@%3Cdev.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2a38d1ce28fd89001f@%3Cdev.flink.apache.org%3E - Mailing List, Vendor Advisory |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jan 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jan 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jan 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jan 2021, 14:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* | |
CWE | CWE-552 | |
References | (MISC) https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/05/2 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E - Mailing List, Vendor Advisory |
06 Jan 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-05 12:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-17519
Mitre link : CVE-2020-17519
CVE.ORG link : CVE-2020-17519
JSON object : View
Products Affected
apache
- flink
CWE
CWE-552
Files or Directories Accessible to External Parties