Main
Vulnerability Database
Exploits
ID:5180 - Exploit for Information disclosure in Flink - CVE-2020-17519
ID:5180 - Exploit for Information disclosure in Flink - CVE-2020-17519
Published: February 25, 2021
Vulnerability identifier: #VU49273
Vulnerability risk: Medium
CVE-ID: CVE-2020-17519
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
Flink
Flink
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to application allows to read arbitrary files on the system of the JobManager through the REST interface of the JobManager process. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
Remediation
Install updates from vendor's website.