Enhancement: vulnerabilities/apache/apache-flink-unauth-rce.yaml by mp

2022-05-23 15:33:34 -04:00 · 2022-05-23 15:33:34 -04:00 · 0880da19a4
parent 7f0af0edb8
commit 0880da19a4
1 changed files with 10 additions and 2 deletions
--- a/vulnerabilities/apache/apache-flink-unauth-rce.yaml
+++ b/vulnerabilities/apache/apache-flink-unauth-rce.yaml
@ -1,13 +1,19 @@
 id: apache-flink-unauth-rce

 info:
-  name: Apache Flink Unauth RCE
+  name: Apache Flink - Remote Code Execution
  author: pikpikcu
  severity: critical
-  reference:
+  description: Apache Flink
+  reference: Apache Flink contains an unauthenticated remote code execution vulnerability.
    - https://www.exploit-db.com/exploits/48978
    - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3
    - https://github.com/LandGrey/flink-unauth-rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id:
+    cwe-id: CWE-77
  tags: apache,flink,rce,intrusive,unauth

 requests:
@ -40,3 +46,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/05/23