【Vulnerability Alert】High-Risk Security Vulnerability in Apache Flink (CVE-2020-17519) – Please Verify and Patch Immediately
publish date :
2024-05-30
update date :
2024-05-30
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024053010052323 | Publication Time | 2024/05/30 10:57 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/05/30 10:57 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability in Apache Flink (CVE-2020-17519) – Please Verify and Patch Immediately |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202405-00000222 Researchers have identified a Directory Traversal vulnerability (CVE-2020-17519) in Apache Flink. Remote attackers without authentication can exploit this vulnerability via the JobManager process's REST interface to read arbitrary files from the local file system. This vulnerability has already been exploited by hackers. Please verify and take appropriate measures immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] Apache Flink versions 1.11.0, 1.11.1, and 1.11.2 |
|||
[Recommended Actions] The official fix has been released. Please update to the following versions: Apache Flink version 1.11.3 or later Apache Flink version 1.12.0 or later As this vulnerability affects open-source software, please refer to the respective vendors' instructions for the actual patching methods. |
|||
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2020-17519 2. https://lists.apache.org/thread/typ0h03zyfrzjqlnb7plh64df1g2383d |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center