CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 13, 2024
Description
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
EPSS — Exploit Probability
Higher than 100.0% of all CVEs
Required Action
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/typ0h03zyfrzjqlnb7plh64df1g2383d; https://nvd.nist.gov/vuln/detail/CVE-2020-17519
Risk Assessment
HIGHDetails
- Severity
- High
- EPSS
- 94.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
May 23, 2024
Added to KEV
May 23, 2024
Remediation Due
Jun 13, 2024