CVE-2020-17519
Apache Flink directory traversal attack: reading remote files through the REST API
In summary
Apache Flink versions 1.11.0 to 1.11.2 have a flaw that allows attackers to read any file on the server's disk through the JobManager REST API. This exposes sensitive data that would not normally be accessible.
Technical detail
A directory traversal vulnerability in Apache Flink 1.11.0–1.11.2 allows unauthenticated attackers to read arbitrary files accessible to the JobManager process via the REST API. The flaw requires no authentication and enables disclosure of configuration files, credentials, and application data.
Summary generated and translated by AI from the official description.
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected products
Apache Software Foundation · Apache Flink
Public PoCs found: 15
github · github.com/MrCl0wnLab/SimplesApachePathTraversal · ★ 62
github · github.com/B1anda0/CVE-2020-17519 · ★ 48
github · github.com/murataydemir/CVE-2020-17519 · ★ 8
github · github.com/dolevf/apache-flink-directory-traversal.nse · ★ 3
github · github.com/givemefivw/CVE-2020-17519 · ★ 1
github · github.com/yaunsky/CVE-2020-17519-Apache-Flink · ★ 1
github · github.com/QmF0c3UK/CVE-2020-17519 · ★ 1
github · github.com/GazettEl/CVE-2020-17519 · ★ 0
github · github.com/dev-team-12x/CVE-2020-17519 · ★ 0
github · github.com/radbsie/CVE-2020-17519-Exp · ★ 0
github · github.com/Osyanina/westone-CVE-2020-17519-scanner · ★ 0
github · github.com/zhangweijie11/CVE-2020-17519 · ★ 0
github · github.com/shoucheng3/apache__flink_CVE-2020-17519_1-11-2 · ★ 0
exploitdb · www.exploit-db.com/exploits/49398 · unverified
cve_reference · packetstormsecurity.com/files/160849/Apache-Flink-1.11.0-Arbitrary-File-Read-Directory-Traversal.html · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.