CVE-2020-17519

Files Accessible to External Parties — is CVE-2020-17519 real, exploitable, or a false positive? Here's the community ground truth.

High · CVSS 7.5 · EPSS 97.9% · CISA KEV · CWE-552 · Files Accessible to External Parties

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

Published

Community ground truth

Community verdict

2 verdicts
Not a real issue

Community real-world severity: High (High 2) — CVSS base score 7.5

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.

Same weakness: CWE-552 · Files Accessible to External Parties.