109 matches found
Apache Flink JAR Upload Java Code Execution
This module uses job functionality in Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu...
Apache Flink JobManager Traversal
This module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 use auxiliary/scanner/http/apacheflinkjobmanagertraversal msf auxiliaryapacheflinkjobmanagertraversal show actions ...actions... msf auxiliaryapacheflinkjobmanagertraversal set ACTION msf...
Apache Flink JAR Upload Java Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JAR Upload Java Code Execution', 'Description' = %q This module uses job functionality in Apache Flink dashboard web interface to...
Apache Flink JAR Upload Java Code Execution Exploit
This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2...
Apache Flink Web UI Detection
Binary data apacheflinkwebuidetect.nbin...
Apache Flink local file inclusion Vulnerability (direct check)
Binary data apacheflinkcve-2020-17519.nbin...
Exploit for Files or Directories Accessible to External Parties in Apache Flink
CVE-2020-17519 Apache Flink Arbitrary File Reading Vulnerabil...
Apache Flink Directory Traversal (CVE-2020-17518; CVE-2020-17519)
A directory traversal vulnerability exists in Apache Flink. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Exploit for Files or Directories Accessible to External Parties in Apache Flink
CVE-2020-17519 Apache Flink RESTful API Arbitrary File Read -...
Exploit for Path Traversal in Apache Flink
CVE-2020-17518 Apache Flink RESTful API Arbitrary File Upload...
Exploit for Files or Directories Accessible to External Parties in Apache Flink
Vulnerable Application This module exploits an unauthenticate...
Apache Flink suffers from an arbitrary file read vulnerability (CNVD-2021-03406)
Apache Flink is efficient and distributed general purpose data processing platform. Apache Flink suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...
Apache Flink Directory Traversal
Directory traversal vulnerability in Apache Flink Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...
Path Traversal in Apache Flink
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
CVE-2020-17519
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
Exploit for Files or Directories Accessible to External Parties in Apache Flink
Usage & Disclaimer This script addresses a directory travers...
Apache Flink suffers from an arbitrary file read vulnerability
Apache Flink is an open source distributed streaming data processing engine from the Apache Software Foundation. It is written primarily in Java and Scala languages. Apache Flink has an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...