Vulnerability-Lookup

CVE-2020-1960 (GCVE-0-2020-1960)

Vulnerability from cvelistv5 – Published: 2020-05-14 16:02 – Updated: 2024-08-04 06:54

Summary

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

apache

References

URL

	Vendor	Product	Version
	n/a	Apache Flink	Affected: Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0

FKIE_CVE-2020-1960

Vulnerability from fkie_nvd - Published: 2020-05-14 17:15 - Updated: 2024-11-21 05:11

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E	Mailing List, Patch, Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50%40%3Cissues.flink.apache.org%3E

Impacted products

Vendor	Product	Version
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	*
apache	flink	1.10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2730A2-F7E5-4069-9827-C938D6D06B19",
              "versionEndIncluding": "1.1.5",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AF1D12-9697-469A-A871-C27FC7BD778C",
              "versionEndIncluding": "1.2.1",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "054FAA62-196F-4C07-A6B5-C311E32ED6CE",
              "versionEndIncluding": "1.3.3",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF033E4-2927-4743-A787-532EDC391DD3",
              "versionEndIncluding": "1.4.2",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C7A77A-4DBF-4A04-AB5B-2EE209D0890E",
              "versionEndIncluding": "1.5.6",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7E4C47-E550-4034-A619-C7EA1E881C63",
              "versionEndIncluding": "1.6.4",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14386F5C-3438-401A-B4A2-CA32C21B6C1F",
              "versionEndIncluding": "1.7.2",
              "versionStartIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FCCC8E-A3AC-4FB2-AE99-BF24FDA7FD4E",
              "versionEndIncluding": "1.8.3",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1641985-FAED-4FF4-910F-17E8E01B49AB",
              "versionEndIncluding": "1.9.2",
              "versionStartIncluding": "1.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:flink:1.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "7E0BCCE2-10C1-4DB9-826D-17E2E4448620",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Apache Flink (versiones 1.1.0 hasta 1.1.5, versiones 1.2.0 hasta 1.2.1, versiones 1.3.0 hasta 1.3.3, versiones 1.4.0 hasta 1.4.2, versiones 1.5.0 hasta 1.5.6, versiones 1.6.0 hasta 1.6.4, versiones 1.7.0 hasta 1.7.2, versiones 1.8.0 hasta 1.8.3, versiones 1.9.0 hasta 1.9.2, versiones 1.10.0) en la que, cuando se ejecuta un proceso con un JMXReporter habilitado, con un puerto configurado por medio de metrics.reporter.reporter_name).port, un atacante con acceso local a la m\u00e1quina y al puerto JMX puede ejecutar un ataque de tipo man-in-the-middle usando una petici\u00f3n especialmente dise\u00f1ada para volver a vincular el registro JMXRMI a uno bajo el control del atacante. Esto compromete cualquier conexi\u00f3n establecida al proceso por medio de JMX, permitiendo la extracci\u00f3n de credenciales y cualquier otro dato transferido."
    }
  ],
  "id": "CVE-2020-1960",
  "lastModified": "2024-11-21T05:11:44.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T17:15:12.380",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50%40%3Cissues.flink.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-41505

Vulnerability from cnvd - Published: 2020-07-21

Title

Apache Flink注入漏洞

Description

Apache Flink是美国阿帕奇软件（Apache Software）基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。 Apache Flink中存在安全漏洞。本地攻击者可借助特制请求利用该漏洞进行中间人攻击，入侵通过JMX与进程建立的连接，获取传递的数据。

Severity

低

Patch Name

Apache Flink注入漏洞的补丁

Patch Description

Apache Flink是美国阿帕奇软件（Apache Software）基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。 Apache Flink中存在安全漏洞。本地攻击者可借助特制请求利用该漏洞进行中间人攻击，入侵通过JMX与进程建立的连接，获取传递的数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1960

Impacted products

Name
['Apache Flink >=1.1.0，<=1.1.5', 'Apache Flink >=1.2.0，<=1.2.1', 'Apache Flink >=1.3.0，<=1.3.3', 'Apache Flink >=1.4.0，<=1.4.2', 'Apache Flink >=1.5.0，<=1.5.6', 'Apache Flink >=1.6.0，<=1.6.4', 'Apache Flink >=1.7.0，<=1.7.2', 'Apache Flink >=1.8.0，<=1.8.3', 'Apache Flink >=1.9.0，<=1.9.2', 'Apache Flink 1.10.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1960"
    }
  },
  "description": "Apache Flink\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u6d41\u6570\u636e\u5904\u7406\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u4f7f\u7528Java\u548cScala\u8bed\u8a00\u7f16\u5199\u3002\n\nApache Flink\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u5165\u4fb5\u901a\u8fc7JMX\u4e0e\u8fdb\u7a0b\u5efa\u7acb\u7684\u8fde\u63a5\uff0c\u83b7\u53d6\u4f20\u9012\u7684\u6570\u636e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-41505",
  "openTime": "2020-07-21",
  "patchDescription": "Apache Flink\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u6d41\u6570\u636e\u5904\u7406\u5f15\u64ce\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u4f7f\u7528Java\u548cScala\u8bed\u8a00\u7f16\u5199\u3002\r\n\r\nApache Flink\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u5165\u4fb5\u901a\u8fc7JMX\u4e0e\u8fdb\u7a0b\u5efa\u7acb\u7684\u8fde\u63a5\uff0c\u83b7\u53d6\u4f20\u9012\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Flink\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Flink \u003e=1.1.0\uff0c\u003c=1.1.5",
      "Apache Flink \u003e=1.2.0\uff0c\u003c=1.2.1",
      "Apache Flink \u003e=1.3.0\uff0c\u003c=1.3.3",
      "Apache Flink \u003e=1.4.0\uff0c\u003c=1.4.2",
      "Apache Flink \u003e=1.5.0\uff0c\u003c=1.5.6",
      "Apache Flink \u003e=1.6.0\uff0c\u003c=1.6.4",
      "Apache Flink \u003e=1.7.0\uff0c\u003c=1.7.2",
      "Apache Flink \u003e=1.8.0\uff0c\u003c=1.8.3",
      "Apache Flink \u003e=1.9.0\uff0c\u003c=1.9.2",
      "Apache Flink 1.10.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1960",
  "serverity": "\u4f4e",
  "submitTime": "2020-05-15",
  "title": "Apache Flink\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-6G88-99WJ-8MGG

Vulnerability from github – Published: 2021-05-21 19:20 – Updated: 2021-05-21 18:41

Summary

Command injection in Apache Flink

Details

A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 1.9.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.flink:flink-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.flink:flink-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.10.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T18:41:46Z",
    "nvd_published_at": "2020-05-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
  "id": "GHSA-6g88-99wj-8mgg",
  "modified": "2021-05-21T18:41:46Z",
  "published": "2021-05-21T19:20:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1960"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50@%3Cissues.flink.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Command injection in Apache Flink"
}

bit-flink-2020-1960

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:51

Modified

2025-04-03 14:40

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "flink",
        "purl": "pkg:bitnami/flink"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.1.6"
            },
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.2.2"
            },
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.4"
            },
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.4.3"
            },
            {
              "introduced": "1.5.0"
            },
            {
              "fixed": "1.5.7"
            },
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.5"
            },
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.7.3"
            },
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.8.4"
            },
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.9.3"
            },
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1960"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
      "cpe:2.3:a:apache:flink:1.10.0:-:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
  "id": "BIT-flink-2020-1960",
  "modified": "2025-04-03T14:40:37.652Z",
  "published": "2024-03-06T10:51:46.472Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1960"
    }
  ],
  "schema_version": "1.5.0"
}

GSD-2020-1960

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1960

Aliases

CVE-2020-1960

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1960",
    "description": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
    "id": "GSD-2020-1960",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:5568"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1960"
      ],
      "details": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
      "id": "GSD-2020-1960",
      "modified": "2023-12-13T01:21:58.430626Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2020-1960",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Flink",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210106 [GitHub] [flink-web] zentol commented on a change in pull request #408: Add security page for Flink",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210107 [GitHub] [flink-web] rmetzger commented on a change in pull request #408: Add security page for Flink",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.9.2),[1.10.0]",
          "affected_versions": "All versions before 1.9.2, version 1.10.0",
          "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-05-21",
          "description": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
          "fixed_versions": [
            "1.9.3",
            "1.10.1"
          ],
          "identifier": "CVE-2020-1960",
          "identifiers": [
            "GHSA-6g88-99wj-8mgg",
            "CVE-2020-1960"
          ],
          "not_impacted": "All versions starting from 1.9.2 before 1.10.0, all versions after 1.10.0",
          "package_slug": "maven/org.apache.flink/flink-core",
          "pubdate": "2021-05-21",
          "solution": "Upgrade to versions 1.9.3, 1.10.1 or above.",
          "title": "Command injection in Apache Flink",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-1960",
            "https://github.com/advisories/GHSA-6g88-99wj-8mgg"
          ],
          "uuid": "baeaccbd-6c99-49d1-9f44-31bbf78d1a38"
        },
        {
          "affected_range": "[1.1.0,1.1.5],[1.2.0,1.2.1],[1.3.0,1.3.3],[1.4.0,1.4.2],[1.5.0,1.5.6], [1.6.0,1.6.4],[1.7.0,1.7.2],[1.8.0,1.8.3],[1.9.0,1.9.2],[1.10.0]",
          "affected_versions": "All versions starting from 1.1.0 up to 1.1.5, all versions starting from 1.2.0 up to 1.2.1, all versions starting from 1.3.0 up to 1.3.3, all versions starting from 1.4.0 up to 1.4.2, all versions starting from 1.5.0 up to 1.5.6, all versions starting from 1.6.0 up to 1.6.4, all versions starting from 1.7.0 up to 1.7.2, all versions starting from 1.8.0 up to 1.8.3, all versions starting from 1.9.0 up to 1.9.2, version 1.10.0",
          "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-937"
          ],
          "date": "2021-07-21",
          "description": "When running a process with an enabled `JMXReporter`, with a port configured via `metrics.reporter.reporter_name` \u003e `.port`, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the `JMXRMI` registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.",
          "fixed_versions": [
            "1.1.5-hadoop1",
            "1.9.3",
            "1.10.1"
          ],
          "identifier": "CVE-2020-1960",
          "identifiers": [
            "CVE-2020-1960"
          ],
          "not_impacted": "All versions before 1.1.0, all versions after 1.1.5 before 1.2.0, all versions after 1.2.1 before 1.3.0, all versions after 1.3.3 before 1.4.0, all versions after 1.4.2 before 1.5.0, all versions after 1.5.6 before 1.6.0, all versions after 1.6.4 before 1.7.0, all versions after 1.7.2 before 1.8.0, all versions after 1.8.3 before 1.9.0, all versions after 1.9.2 before 1.10.0, all versions after 1.10.0",
          "package_slug": "maven/org.apache.flink/flink-metrics-core",
          "pubdate": "2020-05-14",
          "solution": "Upgrade to versions 1.1.5-hadoop1, 1.9.3, 1.10.1 or above.",
          "title": "Injection Vulnerability",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-1960"
          ],
          "uuid": "829b96c6-9338-45d1-975d-40d6d0dbc906"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.5",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.1",
                "versionStartIncluding": "1.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.3",
                "versionStartIncluding": "1.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4.2",
                "versionStartIncluding": "1.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.6",
                "versionStartIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6.4",
                "versionStartIncluding": "1.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.2",
                "versionStartIncluding": "1.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.3",
                "versionStartIncluding": "1.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.9.2",
                "versionStartIncluding": "1.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:flink:1.10.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1960"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name\u003e.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker\u0027s control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r23e559dee1e69741557b5fe431846de1f1a5981356d0ddb9482df88a%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210106 [GitHub] [flink-web] zentol commented on a change in pull request #408: Add security page for Flink",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210107 [GitHub] [flink-web] rmetzger commented on a change in pull request #408: Add security page for Flink",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r663cf0d5c386bba2f562d45ad484d786151a84f0b95e45e2b0fb8e50@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d@%3Cuser-zh.flink.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-05-14T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1960 (GCVE-0-2020-1960)

FKIE_CVE-2020-1960

CNVD-2020-41505

GHSA-6G88-99WJ-8MGG

bit-flink-2020-1960

Vulnerability from bitnami_vulndb

GSD-2020-1960

Tags

Sightings

Nomenclature