Main Vulnerability Database Vulnerabilities #VU49273

Information disclosure in Flink - CVE-2020-17519

Published: January 5, 2021 / Updated: August 1, 2025

Vulnerability identifier: #VU49273

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2020-17519

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Apache Foundation

Affected software:
Flink

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application allows to read arbitrary files on the system of the JobManager through the REST interface of the JobManager process. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

How to mitigate CVE-2020-17519

Install updates from vendor's website.

Sources

https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E

Information disclosure in Flink - CVE-2020-17519

Detailed vulnerability description

How to mitigate CVE-2020-17519

Sources

Please verify you're human