A dangerous Apache Flink flaw has resurfaced, and is being actively exploited
Three-year-old vulnerability is resurfacing, causing CISA to sound the alarm
The US Cybersecurity and Infrastructure Security Agency (CISA) recently added a three-year-old vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, thus warning federal agencies that hackers are actively exploiting it to compromise devices without endpoint protection.
The vulnerability in question is an improper access control flaw first found in Apache Flink back in January 2021.
Apache Flink is an open source stream-processing framework developed and maintained by the Apache Software Foundation. It is designed to process large volumes of data in real time with low latency and high throughput.
A deadline for patching
The flaw is tracked as CVE-2020-17519. It was discovered in early January 2021, and was never given a specific severity score.
Still, the Apache Software Foundation fixed it in a timely manner, by applying a fix. Vulnerable versions include Flink 1.11.0, 1.11.1, and 1.11.2. Fixed versions are 1.11.3, and 1.12.0.
“A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process,” the Apache Software Foundation explained at the time. “Access is restricted to files accessible by the JobManager process.”
Adding the bug to the KEV, CISA also gave federal agencies a deadline by which they should either apply the patch, or stop using the vulnerable software altogether - June 13. Obviously, firms in the private sector should do the same, as hackers rarely skip a potential target, regardless of the industry it is in.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Unfortunately, CISA did not share additional details about the vulnerability or its exploiters, so we don’t know who the threat actors are, or who the victims might be. We also don’t know how many firms may have been compromised this way already, or what the attackers are using it for.
Via The Register
More from TechRadar Pro
- BreachForums hacking forum admin sentenced to 20 years supervised release
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.