Security News > 2024 > May > CISA Warns of Actively Exploited Apache Flink Security Vulnerability
2024-05-23 16:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
News URL
https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-apache.html
Related news
- FCC stands up Council on National Security to fight China in ways that CISA used to (source)
- Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure (source)
- CISA fires, now rehires and immediately benches security crew on full pay (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-05 | CVE-2020-17519 | Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2 A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. | 7.5 |