Main Vulnerability Database Vulnerabilities #VU49273

#VU49273 Information disclosure in Flink - CVE-2020-17519

Published: January 5, 2021 / Updated: August 1, 2025

Vulnerability identifier: #VU49273

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2020-17519

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Flink

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application allows to read arbitrary files on the system of the JobManager through the REST interface of the JobManager process. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E

#VU49273 Information disclosure in Flink - CVE-2020-17519

Description

Remediation

External links

Please verify you're human