The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface.
This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information.
The vulnerability, which impacts Flink versions 1.11.0, 1.11.1, and 1.11.2, was addressed in January 2021 in versions 1.11.3 or 1.12.0.
The exact nature of the attacks exploiting the flaw is presently unknown, although Palo Alto Networks Unit 42 warned of extensive in-the-wild abuse between November 2020 and January 2021.
“Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021,” security researchers Lei Xu, Yue Guan, and Vaibhav Singhal noted in April 2021.
In light of the active exploitation of CVE-2020-17519, federal agencies are recommended to apply the latest fixes by June 13, 2024, to safeguard their networks against active threats.
