Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Flink 注入漏洞
Vulnerability Description
Apache Flink是美国阿帕奇软件(Apache Software)基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。 Apache Flink中存在安全漏洞。本地攻击者可借助特制请求利用该漏洞进行中间人攻击,入侵通过JMX与进程建立的连接,获取传递的数据。以下产品及版本受到影响:Apache Flink 1.1.0版本至1.1.5版本,1.2.0版本至1.2.1版本,1.3.0版本至1.3.3版本,1.4.0版本至1.4.2版本,1.5.0版本至1.5.6版本,1
CVSS Information
N/A
Vulnerability Type
N/A