CISA Warns of Actively Exploited Apache Flink Security Vulnerability

Avatar
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface.

This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information.

The vulnerability, which impacts Flink versions 1.11.0, 1.11.1, and 1.11.2, was addressed in January 2021 in versions 1.11.3 or 1.12.0.

The exact nature of the attacks exploiting the flaw is presently unknown, although Palo Alto Networks Unit 42 warned of extensive in-the-wild abuse between November 2020 and January 2021.

“Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021,” security researchers Lei Xu, Yue Guan, and Vaibhav Singhal noted in April 2021.

In light of the active exploitation of CVE-2020-17519, federal agencies are recommended to apply the latest fixes by June 13, 2024, to safeguard their networks against active threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Inside Operation Diplomatic Specter: Chinese APT Group’s Stealthy Tactics Exposed

Next Post

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Related Posts

BlackTech Targets Tech, Research, and Gov Sectors New ‘Deuterbear’ Tool

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it
Avatar
Read More