CISA Issues Alert over Active Exploitation of Apache Flink Vulnerability

May 23, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw affecting Apache Flink, an open-source unified stream-processing and batch-processing framework. This inclusion is based on evidence of active exploitation of the flaw.

The vulnerability, tracked as CVE-2020-17519, is an improper access control flaw. It could allow an attacker to read any file on the local filesystem of the JobManager through the JobManager's REST interface: a remote, unauthenticated attacker could send a specially crafted directory traversal request and gain unauthorized access to sensitive information.

This vulnerability affects Flink versions 1.11.0, 1.11.1, and 1.11.2. It was addressed in January 2021 with the release of versions 1.11.3 and 1.12.0.

The specifics of the attacks exploiting this flaw are currently unknown. However, Palo Alto Networks Unit 42 has warned of extensive abuse of the vulnerability in the wild between November 2020 and January 2021. In April 2021, security researchers Lei Xu, Yue Guan, and Vaibhav Singhal noted: 'Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.'

Given the ongoing exploitation of CVE-2020-17519, federal agencies are advised to apply the latest fixes by June 13, 2024, to protect their networks from active threats.
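Because the flaw is reached through directory traversal requests against the JobManager's REST interface, one practical check for defenders is to scan web access logs for traversal sequences, including URL-encoded and double-encoded forms that a naive `../` filter would miss. The following is an added example (not code from Apache Flink or from CISA); the log lines are constructed, the common log format and the default REST port 8081 are assumptions, and `fully_decode` and `find_traversal_requests` are hypothetical helper names.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format, assumed to come from a
# Flink JobManager REST listener (default port 8081). The second and third
# requests carry traversal sequences; the second is double-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "GET /jobs/overview HTTP/1.1" 200 512
10.0.0.9 - - [12/May/2024:10:01:07 +0000] "GET /jobmanager/logs/..%252f..%252fconf%252fflink-conf.yaml HTTP/1.1" 200 1431
10.0.0.9 - - [12/May/2024:10:01:09 +0000] "GET /jobmanager/logs/../../conf/masters HTTP/1.1" 404 0
10.0.0.7 - - [12/May/2024:10:01:11 +0000] "GET /taskmanagers HTTP/1.1" 200 220
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so that a
    double-encoded sequence (%252f -> %2f -> /) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path: str) -> bool:
    """True when any segment of the decoded request path is '..'."""
    decoded = fully_decode(path).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_requests(log_text: str) -> list[dict]:
    """Return one record per log line whose request path traverses upward.
    A 200 status on such a request is the case to escalate first, since
    it suggests the server may have returned a file outside the intended root."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and has_traversal(m["path"]):
            hits.append({"src": m["src"], "path": m["path"],
                         "decoded": fully_decode(m["path"]),
                         "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit["status"], hit["src"], hit["decoded"])
```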
