US CISA Confirms That an Apache Flink Vulnerability Disclosed 3 Years Ago Is Being Used in Attacks
Payment Updates · 2024-05-27

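Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) warned users of the open-source data processing framework Apache Flink that CVE-2020-17519, a vulnerability disclosed 3 years ago, is now being used in attacks.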

On May 23, CISA added the Apache Flink vulnerability CVE-2020-17519 to its Known Exploited Vulnerabilities (KEV) catalog and required federal agencies to complete patching by June 13.

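The vulnerability stems from a change introduced in Flink 1.11.0. Through the REST interface of the JobManager process, an attacker can read arbitrary files on the local file system. The CVSS score is 7.5, and IT staff should upgrade to version 1.11.3 or 1.12.0 or later to mitigate the vulnerability.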

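CISA has not disclosed details of how the vulnerability is being exploited, so the attackers' identity and goals are unknown. It is worth noting, however, that the Apache Foundation announced and patched this vulnerability in January 2021, that the related information has been public for more than 3 years, and that researchers have also published proof-of-concept exploit code. This means attackers do not need to research the vulnerability from scratch, and more attackers may subsequently join in attempting to exploit it.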
