Why Patching Matters: Active Apache Flink Exploit

Many people may not remember this vulnerability because at the time of discovery, no exploit was discovered. CVE-2020-17519 allows attackers to read any file on the local Apache Flink filesystem of the JobManager through the REST interface. This was found in versions 1.11.0-2 and patched in 1.11.3 or 1.12.0.

Despite the vulnerability being discovered in 2020 and put into the National Vulnerability Database on January 5, 2021, it is still relevant as CISA noted that an exploit was discovered recently. This means that the exploit has been found to be actively used and government agencies are required to patch or get rid of the software.

This goes to show the importance of staying on top of your vulnerabilities, as a three year old finding could come back to the forefront at any time. A robust vulnerability program will try to patch old findings, but an even more mature one will be able to stay on top of any accepted risk. This can often be a source of oversight, as a vulnerability with no known exploit may be accepted at the time due to the time, cost, and effort of patching; but can become a gaping hole if it is not routinely reviewed.

If you are struggling to stay on top of your vulnerabilities, or need a tool that will help identify a newly exploitable finding, contact us for a demo and see how GlassPortal can address your needs.