Apache Flink arbitrary Jar package upload leads to remote code execution vulnerability recurrence problem (vulnerability warning)

Vulnerability Description

Apache Flink is an open source platform for distributed stream and batch data processing. At its core, Flink is a streaming dataflow engine that provides data distribution, communication, and fault tolerance capabilities for distributed computing on data streams. Flink builds batch processing on top of the streaming engine, covering local iteration support, managed memory, and program optimization. Recently, security researchers discovered that Apache Flink allows uploading arbitrary jar packages, leading to remote code execution.

Vulnerability Level

High risk

Impact

Apache Flink <=1.9.1

Vulnerability Reproduction

First, download the Apache Flink 1.9.1 installation package and decompress it. Then, go to the bin folder and run ./start-cluster.sh to start the environment. Use the browser to access http://ip:8081 to verify whether it is successful, as shown in the following figure:

Then use the generated jar Trojan file and upload it, as shown in the following figure:

Open msf to monitor and click Submit, and you can see that a shell is successfully returned. As shown in the following figure:

Restoration suggestions

Users are advised to pay attention to the Apache Flink official website and obtain the latest patch for this vulnerability in a timely manner.

Temporary solution suggestions

Set up an IP whitelist to allow only trusted IPs to access the console and add access authentication.

Vulnerability Detection Methods

At present, there is a corresponding public detection POC on GitHub, as shown in the following figure:

Link: https://github.com/LandGrey/flink-unauth-rce

Summarize

The above is the recurrence of the remote code execution vulnerability caused by uploading any Jar package in Apache Flink. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it and please indicate the source. Thank you!