CVE-2020-17518 Scanner
Detects 'Path Traversal' vulnerability in Apache Software Foundation Apache Flink affects v. 1.5.1 to 1.11.2.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
30 sec
Scan only one
Url
Parent Category
CVE-2020-17518 Scanner Detail
Apache Flink is a powerful distributed computing framework designed to process large volumes of data. It is an open-source software that supports both batch and stream processing and boasts an incredibly fast processing speed. Apache Flink has become a popular tool in the data processing industry for its ability to handle complex data analytics tasks in a cost-effective and efficient manner.
CVE-2020-17518 is a vulnerability that was discovered in Apache Flink 1.5.1, which allows an attacker to upload and write arbitrary files to the server. This vulnerability is caused by a flaw in the software's REST handler, which fails to properly validate user input. This means that a malicious user could potentially execute unauthorized code on the server, leading to a range of serious consequences.
If exploited, this vulnerability could lead to the complete compromise of a server running Apache Flink 1.5.1, thereby exposing any sensitive information that the server may hold. This may include personally identifiable information, financial information, or other confidential data. Additionally, an attacker could use the compromised server to launch further attacks against other systems or networks.
In conclusion, it is essential to stay up-to-date with the latest vulnerabilities in all of your digital assets. With the pro features of the securityforeveryone.com platform, you can easily and quickly identify any potential vulnerabilities and take the necessary steps to protect your business and customers. Don't become a victim of cybercrime, stay informed and stay protected.
REFERENCES
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
- lists.apache.org: [flink-dev] 20210105 [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API
- lists.apache.org: [flink-user] 20210105 [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API
- lists.apache.org: [announce] 20210105 [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API
- openwall.com: [oss-security] 20210105 [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API
- lists.apache.org: [flink-issues] 20210106 [GitHub] [flink-web] zentol commented on a change in pull request #408: Add security page for Flink
- lists.apache.org: [flink-dev] 20210106 [jira] [Created] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210106 [jira] [Created] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210107 [jira] [Updated] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210107 [jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210107 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210112 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-dev] 20210113 Re: [DISCUSS] Releasing Apache Flink 1.10.3
- lists.apache.org: [flink-issues] 20210114 [jira] [Reopened] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210114 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210114 [jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210114 [jira] [Updated] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210114 [jira] [Comment Edited] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10
- lists.apache.org: [flink-issues] 20210114 [jira] [Updated] (FLINK-20875) [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API
- lists.apache.org: [flink-issues] 20210114 [jira] [Commented] (FLINK-20875) [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API
- lists.apache.org: [flink-dev] 20210115 Re: [DISCUSS] Releasing Apache Flink 1.10.3
- lists.apache.org: [flink-dev] 20210121 Re: [VOTE] Release 1.10.3, release candidate #1
- lists.apache.org: [announce] 20210125 Apache Software Foundation Security Report: 2020
- lists.apache.org: [announce] 20210223 Re: Apache Software Foundation Security Report: 2020
- https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E
control security posture