Cyber Security

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

May 23, 2024NewsroomThreat Intelligence / Vulnerability,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface.

This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information.

The vulnerability, which impacts Flink versions 1.11.0, 1.11.1, and 1.11.2, was addressed in January 2021 in versions 1.11.3 or 1.12.0.


The exact nature of the attacks exploiting the flaw is presently unknown, although Palo Alto Networks Unit 42 warned of extensive in-the-wild abuse between November 2020 and January 2021.

“Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021,” security researchers Lei Xu, Yue Guan, and Vaibhav Singhal noted in April 2021.

In light of the active exploitation of CVE-2020-17519, federal agencies are recommended to apply the latest fixes by June 13, 2024, to safeguard their networks against active threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Amazon, Best Buy, Google may soon sell home smart devices with ‘hacker-safe’ label
Microsoft is outsourcing its best AI, tech CEO says — and that’s good news for Google
Samsung Galaxy S25 Ultra US Variant Allegedly Spotted on IMEI Website
Apple WWDC 2024 Keynote Today: How to Watch Livestream, Full Event Schedule and What to Expect
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution