3 matches found
EUVD-2026-31846
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
Apache Flink Kubernetes Operator 安全漏洞
Apache Flink Kubernetes Operator is an operations component for Flink clusters developed by the Apache Foundation. Versions of Apache Flink Kubernetes Operator from 1.3.0 to 1.15.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the jarURI in...
PT-2026-43265
Name of the Vulnerable Software and Affected Versions Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x Description A Server-Side Request Forgery SSRF and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...