CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini May 24, 2024

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

The issue, tracked as , is an improper access control vulnerability in Apache Flink.

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.

An improper access control vulnerability occurs when an application or system does not adequately restrict user permissions, allowing unauthorized users to access resources, perform actions, or obtain data they should not be able to. This type of vulnerability can lead to unauthorized access, data breaches, and other security issues.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by June 13, 2024.


(SecurityAffairs – hacking, Apache Flink)


