
CVE-2020-1960: Command injection in Apache Flink

CVSS Score: 4.7 (CVSS v3.1)

Basic Information

EPSS Score: 0.21852%
Published: 5/21/2021
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name                  Ecosystem  Vulnerable Versions  First Patched Version
org.apache.flink:flink-core   maven      < 1.9.2              1.9.3
org.apache.flink:flink-core   maven      = 1.10.0             1.10.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is associated with the JMXReporter in Apache Flink. The key area of concern is how the JMXReporter sets up and handles the JMXRMI registry, so the functions that start or configure the JMX registry are the most likely to be relevant. The exact function names may vary with the specific implementation details of the Flink codebase.


WAF Protection Rules

WAF Rule

A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.<reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack…
