Security News > 2024 > May > CISA Warns of Actively Exploited Apache Flink Security Vulnerability

CISA Warns of Actively Exploited Apache Flink Security Vulnerability
2024-05-23 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that


News URL

https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-apache.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-01-05 CVE-2020-17519 Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
network
low complexity
apache CWE-552
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642