Tomcat
Professional
CISA added the vulnerability to its catalog, calling for emergency measures to protect federal systems.
In early 2021, an access control bug in Apache Flink was fixed; that bug has now been added to the CISA KEV catalog, which means cybercriminals are actively using the vulnerability to compromise their targets.
Apache Flink is an open source streaming and batch data processing platform supported by the Apache Software Foundation.
CVE-2020-17519 (CVSS score: 7.5) is an access control flaw that allows an attacker to read any file on the local file system of the JobManager via its REST interface. The vulnerability affects Apache Flink 1.11.0, 1.11.1 and 1.11.2.
Apache fixed the vulnerability in versions 1.11.3 and 1.12.0. Soon after, security researchers published proof-of-concept code. Now, in May 2024, federal agencies and other organizations are still running vulnerable versions, and criminals are actively exploiting the flaw.
CISA did not provide details about the vulnerability or the exploitation. In the catalog, the entry's status is marked as "unknown", meaning that it is currently not known who is abusing the flaw and for what purpose. Nevertheless, Palo Alto Networks Unit 42 had warned of widespread exploitation between November 2020 and January 2021.
The inclusion of the flaw in the catalog obliges federal agencies either to close the gap or to stop using the product entirely by June 13. Other users of the software should make sure the necessary updates are applied. It is also advisable to check whether the system has been compromised through this vulnerability: although active exploitation became known only now, the flaw may have been used earlier.
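As an added illustration (not code from the post or from the Flink project), the version facts above turned into a small triage helper: it parses a reported Flink version and flags the 1.11.0 to 1.11.2 range the post names as affected, so an inventory of JobManagers can be sorted into hosts that need the 1.11.3/1.12.0 update. The host names and the handling of `-SNAPSHOT` qualifiers are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Version facts from the post: 1.11.0, 1.11.1 and 1.11.2 are affected;
# 1.11.3 and 1.12.0 carry the fix.
AFFECTED_LINE = (1, 11)
FIRST_FIXED_PATCH = 3


def parse_flink_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; a trailing qualifier such as '-SNAPSHOT' is
    ignored (assumption: a qualified build is treated like its base version)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Flink version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return major, minor, patch


def is_affected(version: str) -> bool:
    """True only for 1.11.x releases below the first patched one (1.11.3)."""
    major, minor, patch = parse_flink_version(version)
    return (major, minor) == AFFECTED_LINE and patch < FIRST_FIXED_PATCH


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket a host -> reported-version map into 'patch', 'ok' and 'unknown'.
    Unparseable strings land in 'unknown' so they get reviewed, not ignored."""
    buckets: Dict[str, List[str]] = {"patch": [], "ok": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            buckets["patch" if is_affected(version) else "ok"].append(host)
        except ValueError:
            buckets["unknown"].append(host)
    return buckets


# Constructed sample inventory with hypothetical host names; the values stand
# in for the version string each JobManager reports. Not data from the post.
SAMPLE_INVENTORY = {
    "jm-prod-01": "1.11.2",
    "jm-prod-02": "1.11.3",
    "jm-dev-01": "1.11.0-SNAPSHOT",
    "jm-legacy": "1.10.3",
    "jm-new": "1.12.0",
    "jm-broken": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```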