HTTP: Apache Flink JobManagerCustomLogHandler Directory Traversal

This signature detects attempts to exploit a known vulnerability in Apache Flink (CVE-2020-17519). A successful attack leads to directory traversal and disclosure of arbitrary files readable by the JobManager process; it does not by itself yield code execution.

Extended Description

A change introduced in Apache Flink 1.11.0 (also present in 1.11.1 and 1.11.2) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files readable by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 in apache/flink:master.
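The following is an added example, not the Juniper signature itself and not Apache Flink code. It shows the two halves of the problem described above: request-side detection of traversal sequences aimed at the JobManager log REST route, and the server-side containment check that the fix principle requires (serve only files that sit directly inside the log directory). The sample request lines are constructed; the route prefix /jobmanager/logs/ and the double-encoded ..%252f form are assumptions used to illustrate why a single URL-decoding pass is not enough for a signature or for a handler.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample request lines (not taken from the page or from a real capture).
SAMPLE_REQUESTS = [
    "GET /jobmanager/logs/flink-jobmanager.log HTTP/1.1",
    "GET /jobmanager/logs/..%252f..%252f..%252fetc%252fpasswd HTTP/1.1",
    "GET /jobmanager/logs/..%2f..%2fetc%2fshadow HTTP/1.1",
    "GET /jobmanager/logs/%2e%2e/%2e%2e/etc/hosts HTTP/1.1",
    "GET /overview HTTP/1.1",
]

# Assumed route prefix of the JobManager custom log endpoint.
LOG_ROUTE = "/jobmanager/logs/"


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """URL-decode until the string stops changing, so that a double-encoded
    '%252f' becomes '%2f' and then '/'. Bounded to avoid pathological input."""
    prev, cur, rounds = None, value, 0
    while cur != prev and rounds < max_rounds:
        prev, cur = cur, unquote(cur)
        rounds += 1
    return cur


def is_traversal(request_line: str) -> bool:
    """Detection logic: flag a request to the log route whose file name,
    after full decoding, contains a '..' path segment."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    path = parts[1].split("?", 1)[0]
    if not path.startswith(LOG_ROUTE):
        return False
    filename = fully_decode(path[len(LOG_ROUTE):])
    # Split on either slash style; an empty segment list is harmless.
    return any(seg == ".." for seg in re.split(r"[\\/]+", filename))


def flag_requests(lines: List[str]) -> List[str]:
    """Return the request lines that the detection logic flags."""
    return [line for line in lines if is_traversal(line)]


def resolve_log_file(log_dir: str, filename: str) -> Optional[str]:
    """Hardened handler check: canonicalise the requested path and accept it
    only if its parent is exactly the log directory. This rejects '..' walks,
    absolute paths (os.path.join discards the base for those) and symlink
    tricks, because the comparison is done on real paths."""
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, fully_decode(filename)))
    if os.path.dirname(candidate) != base:
        return None
    return candidate


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("flagged:", line)
    print(resolve_log_file("/opt/flink/log", "flink-jobmanager.log"))
    print(resolve_log_file("/opt/flink/log", "..%252f..%252f..%252fetc%252fpasswd"))
```

The decode-until-stable loop is the part that matters for a network signature: matching on a literal `../` or on one round of decoding misses the `%252f` form, and the route prefix check keeps the rule from firing on unrelated paths that legitimately contain `..`. On the server side, `resolve_log_file` rejects anything that is not a direct child of the log directory, which is the containment property the upstream fix commit restores.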

Affected Products

Apache Flink

Short Name
HTTP:APACHE:FLINK-JBMNGR-DIRTRV
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2020-17519 Directory Flink JobManagerCustomLogHandler Traversal
Release Date
01/19/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Apache

CVSS Score

5.0
