TLDR:
Ongoing attacks exploiting an access control flaw in Apache Flink have prompted CISA to add the bug to its KEV catalog. Federal agencies are urged to remediate the bug by June 13.
Key points:
- Improper access control flaw in Apache Flink (CVE-2020-17519) added to CISA’s KEV catalog
- Attacks leverage the flaw in Flink versions 1.11.0, 1.11.1, and 1.11.2, allowing unauthorized data access
Recent attacks using an improper access control flaw in Apache Flink have led to the bug being added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog. The flaw, tracked as CVE-2020-17519, affects Apache Flink versions 1.11.0, 1.11.1, and 1.11.2 and allows unauthorized data access through directory traversal requests.
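As an added example (not code from the article, CISA, or the Flink project), the following Python check does two defender-side things: it tests a reported Flink version against the affected versions listed above, and it scans access-log lines for percent-encoded (including double-encoded) directory traversal attempts aimed at the JobManager REST interface. The log-line format, the `/jobmanager/logs/` path and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Versions the article lists as affected by CVE-2020-17519.
AFFECTED_VERSIONS = {"1.11.0", "1.11.1", "1.11.2"}


def is_affected(version: str) -> bool:
    """True when a JobManager reports one of the affected Flink versions."""
    return version.strip() in AFFECTED_VERSIONS


def normalize_path(path: str) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded '..' is exposed."""
    prev = None
    for _ in range(5):  # bound the loop; decoding a fixed point terminates early
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """Flag any request whose fully decoded path contains a '..' segment."""
    return any(seg == ".." for seg in normalize_path(path).split("/"))


# Assumed common-log-style line shape: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def scan_log(lines):
    """Return (ip, raw_path) for each request that looks like a traversal attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path")))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2024:10:00:01 +0000] "GET /jobs/overview HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jun/2024:10:00:02 +0000] "GET /jobmanager/logs/jobmanager.log HTTP/1.1" 200 8192',
    '203.0.113.5 - - [01/Jun/2024:10:00:03 +0000] "GET /jobmanager/logs/..%252f..%252fsensitive.txt HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print("affected:", is_affected("1.11.2"))
    print("hits:", scan_log(SAMPLE_LOG))
```

A single-pass decoder would miss the `%252f` form, which is why the loop decodes until the path stops changing.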
No specific details about the attacks exploiting the flaw have been provided, but Palo Alto Networks Unit 42 previously reported that threat actors were heavily leveraging the bug from November 2020 to January 2021. Unit 42 researchers highlighted the emergence of newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, which were continuously exploited in the wild from late 2020 to early 2021.
Federal agencies have been urged to remediate the bug by June 13 to mitigate the risk of further intrusions leveraging this vulnerability. The addition of this years-old Apache Flink bug to the KEV catalog underscores the ongoing importance of addressing known vulnerabilities to enhance overall cybersecurity posture.