CISA includes ancient Apache Flink bug in KEV collection

May 26, 2024
1 min read


TLDR:

Ongoing attacks exploiting an access control flaw in Apache Flink have prompted CISA to add the bug to its KEV catalog. Federal agencies are urged to remediate the bug by June 13.

Key points:

  • Improper access control flaw in Apache Flink (CVE-2020-17519) added to CISA’s KEV catalog
  • Attacks leverage the flaw in Flink versions 1.11.0, 1.11.1, and 1.11.2, allowing unauthorized data access

Recent attacks using an improper access control flaw in Apache Flink have led to the bug being added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog. The flaw, known as CVE-2020-17519, affects versions 1.11.0, 1.11.1, and 1.11.2 of Apache Flink and allows intrusions that could facilitate unauthorized data access through directory traversal requests.

No specific details about the attacks exploiting the flaw have been provided, but threat actors were previously reported by Palo Alto Networks Unit 42 to have been heavily leveraging the bug from November 2020 to January 2021. Unit 42 researchers highlighted the emergence of newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, which were continuously being exploited in the wild during late 2020 to early 2021.

Federal agencies have been urged to remediate the bug by June 13 to mitigate the risk of further intrusions leveraging this vulnerability. The addition of this years-old Apache Flink bug to the KEV catalog underscores the ongoing importance of addressing known vulnerabilities to enhance overall cybersecurity posture.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and