CVE-2020-17518 : Security Advisory and Response
Learn about CVE-2020-17518 affecting Apache Flink 1.5.1 to 1.11.2, enabling remote file writing through a directory traversal attack via the REST API. Find mitigation steps and necessary updates.
Apache Flink 1.5.1 to 1.11.2 allows remote file writing through a directory traversal attack via the REST API.
Understanding CVE-2020-17518
Apache Flink vulnerability enabling malicious file writing through the REST API.
What is CVE-2020-17518?
- Apache Flink 1.5.1 introduced a REST handler allowing file writing to any accessible location.
The Impact of CVE-2020-17518
- Attackers can write files to arbitrary locations on the local file system.
Technical Details of CVE-2020-17518
Apache Flink vulnerability details and affected systems.
Vulnerability Description
- Introduced in Apache Flink 1.5.1, the REST handler permits file writing through HTTP HEADER manipulation.
Affected Systems and Versions
- Product: Apache Flink
- Vendor: Apache Software Foundation
- Versions: 1.5.1 to 1.11.2
Exploitation Mechanism
- Malicious HTTP HEADER modification allows writing files to any accessible location.
Mitigation and Prevention
Protective measures and steps to address CVE-2020-17518.
Immediate Steps to Take
- Upgrade to Flink 1.11.3 or 1.12.0 if using affected versions.
Long-Term Security Practices
- Implement strict input validation to prevent directory traversal attacks.
- Regularly monitor and update security patches.
- Follow secure coding practices to mitigate similar vulnerabilities.
Patching and Updates
- Apply the fix in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.