CVE-2020-17519

🗓️ 05 Jan 2021 11:40:14Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 268 Views🌐 WEB

CVE-2020-17519: Apache Flink 1.11.0 allows attackers to read local files through the REST interface

Reporter	Title	Published	Views	Family All 36
GithubExploit	Exploit for Files or Directories Accessible to External Parties in Apache Flink	6 Jan 202102:15	–	githubexploit
GithubExploit	Exploit for Files or Directories Accessible to External Parties in Apache Flink	13 Oct 202117:03	–	githubexploit
GithubExploit	Exploit for Files or Directories Accessible to External Parties in Apache Flink	8 Jan 202106:50	–	githubexploit
GithubExploit	Exploit for Files or Directories Accessible to External Parties in Apache Flink	10 Jan 202101:24	–	githubexploit
GithubExploit	Exploit for Files or Directories Accessible to External Parties in Apache Flink	18 Jan 202102:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Apache Flink	10 Jan 202101:12	–	githubexploit
Gitee	Exploit for Files or Directories Accessible to External Parties in Apache Flink	5 Oct 202121:50	–	gitee
Gitee	Exploit for Files or Directories Accessible to External Parties in Apache Flink	15 Oct 202116:27	–	gitee
ATTACKERKB	CVE-2020-17519	5 Jan 202100:00	–	attackerkb
Tenable Nessus	Apache Flink local file inclusion Vulnerability (direct check)	9 Feb 202100:00	–	nessus

NVD

Vulners

Vulnrichment

Node

apache flinkRange1.11.0–1.11.3

[
  {
    "product": "Apache Flink",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Flink 1.11.0 to 1.11.2"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E
packetstormsecurity	www.packetstormsecurity.com/files/160849/Apache-Flink-1.11.0-Arbitrary-File-Read-Directory-Traversal.html
lists	www.lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2%40%3Cdev.flink.apache.org%3E
lists	www.lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d%40%3Cissues.flink.apache.org%3E
lists	www.lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1%40%3Cissues.flink.apache.org%3E
lists	www.lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E
lists	www.lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r0a433be10676f4fe97ca423d08f914e0ead341c901216f292d2bbe83%40%3Cissues.flink.apache.org%3E

Parameter	Position	Path	Description	CWE
path	path	jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd	Directory traversal via JobManager logs endpoint to read local files on the JobManager	CWE-552

27 Oct 2025 17:37Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 3.17.5 - 9.1

EPSS0.94331

SSVC