2025-02-27 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
This article explains the Apache Flink directory traversal vulnerabilities. The editor found it practical and is sharing it here for study; I hope you get something out of reading it. Without further ado, follow the editor and take a look.
0x01 Vulnerability overview
On January 6, 2021, 360CERT monitoring found that Apache Flink had issued a risk notice for Apache Flink directory traversal vulnerabilities. The vulnerability number is CVE-2020-17518, the severity level is high risk, and the vulnerability score is 8.5.
A remote attacker can read or write files by traversing directories through the REST API.
In response, 360CERT recommends that all users upgrade Apache Flink to the latest version promptly. At the same time, carry out asset self-examination and preventive measures to avoid attacks.
0x02 Risk rating
360CERT's assessment of the vulnerability is as follows:
Assessment method:
Threat level: High risk
Impact surface: General
360CERT score: 8.5
0x03 Vulnerability details
Apache Flink is an open source stream processing framework developed by the Apache Software Foundation. Its core is a distributed streaming dataflow engine written in Java and Scala. The REST API was introduced in Apache Flink version 1.5.1.
CVE-2020-17518: file write vulnerability
Through the REST API, an attacker can modify an HTTP header and write an uploaded file to an arbitrary location on the local file system (anywhere accessible to the Flink 1.5.1 process).
CVE-2020-17519: file read vulnerability
Apache Flink 1.11.0 allows an attacker to read any file on the JobManager's local file system (anything accessible to the JobManager process) through the REST API of the JobManager process.
0x04 Affected versions
CVE-2020-17519
- Apache: Apache Flink 1.11.0, 1.11.1, 1.11.2
CVE-2020-17518
- Apache: Apache Flink 1.5.1 - 1.11.2
0x05 Repair recommendation
General repair recommendation
All users should upgrade to Flink 1.11.3 or 1.12.0; the download link is:
https://flink.apache.org/downloads.html
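To support the asset self-examination the advisory asks for, here is an added example (not part of the 360CERT notice or the Flink project): it checks a Flink version string against the affected ranges listed above and recommends the fixed releases, and it scans access-log lines for percent-encoded `..` traversal segments aimed at the REST API. The log format and the sample lines are constructed assumptions (a reverse proxy in front of the JobManager REST port), not real Flink output.

```python
import re
from urllib.parse import unquote

# Affected ranges exactly as the advisory lists them (inclusive bounds).
AFFECTED = {
    "CVE-2020-17518": ((1, 5, 1), (1, 11, 2)),   # file write via the REST API
    "CVE-2020-17519": ((1, 11, 0), (1, 11, 2)),  # file read via the JobManager REST API
}
FIXED_VERSIONS = ("1.11.3", "1.12.0")  # releases the advisory tells users to move to

def parse_version(text):
    """'1.11.1' or '1.11.1-SNAPSHOT' -> (1, 11, 1); missing parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def affected_cves(version):
    """Return the advisory's CVE ids that apply to the given Flink version."""
    ver = parse_version(version)
    return [cve for cve, (lo, hi) in AFFECTED.items() if lo <= ver <= hi]

def fully_decode(path, max_rounds=5):
    """Undo repeated percent-encoding so nested encodings of '..' become visible."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

# A '..' segment bounded by separators or by the start/end of the path.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def is_traversal_request(path):
    """True when the decoded request path contains a parent-directory segment."""
    return bool(TRAVERSAL.search(fully_decode(path).replace("\\", "/")))

def scan_access_log(lines):
    """Return (client_ip, method, decoded_path) for every traversal attempt."""
    hits = []
    for parts in (line.split() for line in lines):
        if len(parts) >= 3 and is_traversal_request(parts[2]):
            hits.append((parts[0], parts[1], fully_decode(parts[2])))
    return hits

# Constructed sample 'client method path status' lines from an assumed reverse proxy.
SAMPLE_LOG = [
    "10.0.0.5 GET /jobmanager/config 200",
    "10.0.0.7 GET /rest/files/..%252f..%252fsecret.txt 200",
    "10.0.0.9 GET /taskmanagers 200",
]
```

Run `affected_cves("1.11.1")` against your inventory and `scan_access_log(...)` over real proxy logs; any hit from the second is worth an incident ticket even on a patched host.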
0x06 Related asset mapping data
Mapping assets across the whole network shows the specific distribution of Apache Flink products in the figure below.
0x07 Product-side solution
360 city-level network security monitoring service
360CERT's security analysts use the Security Brain's QUAKE asset mapping platform (quake.360.cn) to monitor the vulnerability through asset mapping technology. Contact the relevant product area leader or (quake#360.cn) to obtain the corresponding product.
The above explains the Apache Flink directory traversal vulnerabilities. The editor believes there are some knowledge points here that we may encounter or use in daily work, and hopes you learn more from this article. For more details, please follow the industry information channel.
© 2024 shulou.com SLNews company. All rights reserved.