CISA warns of active exploit targeting old Apache Flink flaw, patch ASAP
Take action: If you are running Apache Flink exposed to the internet, consider whether it can be restricted to a trusted internal network. If it cannot, patch as soon as possible, because hackers are actively exploiting this flaw. If you can move it to an internal network, you can then plan the patch on a less urgent schedule.
Learn More
CISA has issued an alert regarding a critical vulnerability in Apache Flink, a widely-used open-source framework for processing large streams of data in big data analytics and real-time applications.
The vulnerability, tracked as CVE-2020-17519 (CVSS score 7.5), affects versions 1.11.0, 1.11.1, and 1.11.2. It is an improper access control issue in the JobManager's REST interface that allows an attacker to read any file on the local filesystem of the JobManager. A remote, unauthenticated attacker can exploit this flaw by sending a specially crafted directory traversal request to the REST interface and gain unauthorized access to sensitive information.
The vulnerability was addressed with the release of Apache Flink versions 1.11.3 and 1.12.0 in January 2021. Users running the affected versions are strongly urged to upgrade to these versions or later to mitigate the associated risks.
For Federal Civilian Executive Branch (FCEB) agencies, CISA has set a deadline of June 13, 2024, to address this vulnerability. All organizations using Apache Flink are advised to prioritize upgrading their systems to the patched versions immediately to protect sensitive information and reduce exposure to potential cyberattacks.
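The following is an added defender-side example, written for this page and not code from CISA, Apache Flink, or the original article. It does two things the advisory asks for: it checks a reported Flink version against the affected and fixed versions listed above, and it scans web access logs for directory traversal requests aimed at the JobManager REST interface, decoding percent-encoding repeatedly so that double-encoded `..` sequences are not missed. It assumes the JobManager REST port is fronted by a reverse proxy that writes a standard combined-format access log; the sample log lines and the request paths in them are constructed for the example.

```python
"""Added example: version check and access-log detection for CVE-2020-17519-style
directory traversal against the Apache Flink JobManager REST interface."""
import re
from urllib.parse import unquote

# Versions the advisory names as affected, and the releases that fixed the issue.
AFFECTED_VERSIONS = {"1.11.0", "1.11.1", "1.11.2"}
FIXED_VERSIONS = ("1.11.3", "1.12.0")


def is_affected(version: str) -> bool:
    """True if the reported Flink version is one the advisory lists as vulnerable."""
    return version.strip() in AFFECTED_VERSIONS


# Combined log format as written by common reverse proxies (assumed deployment).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)


def fully_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing, so that a double-encoded
    sequence such as %252e%252e is reduced to '..' before inspection."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(raw_path: str) -> bool:
    """Flag a request path that contains a '..' segment after full decoding.
    Backslashes are normalised to '/' so that mixed separators are also caught."""
    path_only = raw_path.split("?", 1)[0]
    decoded = fully_decode(path_only).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def flag_suspicious(log_lines):
    """Return (client_ip, raw_path, status) for every log line whose request
    path looks like a directory traversal attempt. A 200 status on such a
    request is the strongest signal that the traversal may have succeeded."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip rather than guess
        if is_traversal(match.group("path")):
            hits.append((match.group("ip"), match.group("path"), int(match.group("status"))))
    return hits


# Constructed sample access log: two benign REST calls, one single-encoded and
# one double-encoded traversal attempt. Paths and addresses are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/May/2024:10:15:03 +0000] "GET /jobs/overview HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.5 - - [23/May/2024:10:15:04 +0000] "GET /jobmanager/config HTTP/1.1" 200 640 "-" "curl/8.0"',
    '203.0.113.9 - - [23/May/2024:10:16:11 +0000] "GET /jobmanager/config/%2e%2e/%2e%2e/CONSTRUCTED-secret HTTP/1.1" 200 1024 "-" "python-requests/2.31"',
    '203.0.113.9 - - [23/May/2024:10:16:12 +0000] "GET /jobmanager/config/%252e%252e/%252e%252e/CONSTRUCTED-secret HTTP/1.1" 404 153 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for version in ("1.11.2", "1.11.3", "1.12.0"):
        print(f"Flink {version}: {'AFFECTED' if is_affected(version) else 'not affected'}")
    for ip, path, status in flag_suspicious(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path} -> HTTP {status}")
```

Run the script as-is to see the version verdicts and the two flagged requests; in practice, feed `flag_suspicious` the proxy's real log lines and treat a traversal pattern that returned 200 as a priority incident, since it indicates the JobManager may have served a file from outside its intended directory. The single-pass `unquote` that many quick filters use would miss the fourth sample line, which is why the decoder loops until the path stops changing.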