Vulnerability Details : CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP header. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.
Vulnerability category: Directory traversal
Products affected by CVE-2020-17518
- cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-17518
73.07%
Probability of exploitation activity in the next 30 days
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-17518
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-17518
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
- The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Assigned by: security@apache.org (Secondary)
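The containment check these CWE entries describe, applied to a client-supplied upload file name, as an added Java example (not Flink's code and not the code from the fix commit). The class name, method names and sample file names are hypothetical, and only `java.nio.file` is used.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {

    // Unsafe pattern: the client-supplied name is resolved as-is, so ".."
    // segments or an absolute path move the target outside uploadDir.
    static Path resolveUnsafe(Path uploadDir, String clientName) {
        return uploadDir.resolve(clientName).normalize();
    }

    // Hardened pattern: keep only the last path component, then verify
    // that the normalized target is still strictly inside uploadDir.
    static Path resolveSafe(Path uploadDir, String clientName) throws IOException {
        Path base = uploadDir.toAbsolutePath().normalize();
        // Treat '\' as a separator too, so Windows-style names are stripped.
        Path name = Paths.get(clientName.replace('\\', '/')).getFileName();
        if (name == null) {
            throw new IOException("rejected upload file name: " + clientName);
        }
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IOException("upload target escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path uploadDir = Files.createTempDirectory("upload-demo");
        // Constructed sample names, as they might arrive in a multipart header.
        String[] names = {"job.jar", "../../outside/job.jar", "/tmp/abs.jar", ".."};
        for (String n : names) {
            Path unsafe = resolveUnsafe(uploadDir, n);
            System.out.println(n + " -> unsafe stays inside: " + unsafe.startsWith(uploadDir));
            try {
                System.out.println("   safe: " + resolveSafe(uploadDir, n));
            } catch (IOException e) {
                System.out.println("   safe: " + e.getMessage());
            }
        }
    }
}
```

The check is lexical only: it does not follow symbolic links that already exist inside the upload directory.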
References for CVE-2020-17518
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cdev.flink.apache.org%3E
  [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rf8812a5703f4a5f1341138baf239258b250875699732cfdf9d55b21d@%3Cissues.flink.apache.org%3E
  [jira] [Updated] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r7b2ee88c66fc1d0823e66475631f5c3e7f0365204ff0cb094d9f2433@%3Cissues.flink.apache.org%3E
  [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rec0d650fbd4ea1a5e1224a347d83a63cb44291c334ad58b8809bc23b@%3Cissues.flink.apache.org%3E
  Pony Mail! (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r710693b0d3b229c81f485804ea1145b4edda79c9e77d66c39a0a2ff1@%3Cissues.flink.apache.org%3E
  [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E
  Re: flink 1.12.2-rc2 compromised for cryptocurrency mining - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r88200d2f0b620c6b4b1585a7171355005c89e678b01d0e71a16c57e7@%3Cissues.flink.apache.org%3E
  [jira] [Updated] (FLINK-20875) [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r8167f30c4c60a11b8d5be3f55537beeda629be61196e693bde403b36@%3Cissues.flink.apache.org%3E
  [jira] [Created] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rd6a1a0e2d73220a65a8f6535bbcd24bb66adb0d046c4a1aa18777cf3@%3Cdev.flink.apache.org%3E
  Pony Mail! (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1@%3Cdev.flink.apache.org%3E
  Re: [DISCUSS] Releasing Apache Flink 1.10.3 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r705fb2211b82c9f1f8d2b1d4c823bcbca50402ba09b96608ec657efe@%3Cissues.flink.apache.org%3E
  [jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cannounce.apache.org%3E
  [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API - Pony Mail (Mailing List; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2021/01/05/1
  oss-security - [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
  Pony Mail! (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88ef221e63084c1e5f2@%3Cissues.flink.apache.org%3E
  [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rcb9e8af775f2a3706b69153aefde78f208871649df057c70ce2e24f9@%3Cissues.flink.apache.org%3E
  [jira] [Comment Edited] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r0b000dc028616d33cb9aa388eb45d516b789cab0024dad94bc06588a@%3Cissues.flink.apache.org%3E
  [jira] [Updated] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
  Re: Apache Software Foundation Security Report: 2020 - Pony Mail (Exploit; Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
  Apache Software Foundation Security Report: 2020 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rfe159ccf496d75813f24c6079c5d33872d83f5a2e39cb32c3aef5a73@%3Cissues.flink.apache.org%3E
  [jira] [Reopened] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r4a87837518804b31eb9db3048347ed2bb7b46fbaad5844f22a9fd4dc@%3Cissues.flink.apache.org%3E
  [jira] [Commented] (FLINK-20875) [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c68174bfb8c27d1e20faa@%3Cdev.flink.apache.org%3E
  Re: [VOTE] Release 1.10.3, release candidate #1 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E
  [GitHub] [flink-web] zentol commented on a change in pull request #408: Add security page for Flink - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cuser.flink.apache.org%3E
  [CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2a38d1ce28fd89001f@%3Cdev.flink.apache.org%3E
  Re: [DISCUSS] Releasing Apache Flink 1.10.3 - Pony Mail (Mailing List; Vendor Advisory)