May 23, 2024 at 01:39PM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Apache Flink to the Known Exploited Vulnerabilities catalog due to active exploitation. Tracked as CVE-2020-17519, the issue allows unauthorized access to sensitive information. Federal agencies are advised to apply the latest fixes by June 13, 2024, to mitigate active threats.
The meeting notes from May 23, 2024, cover a security flaw impacting Apache Flink, an open-source stream-processing and batch-processing framework. Tracked as CVE-2020-17519, the vulnerability is an improper access control issue that could allow unauthorized access to sensitive information. The flaw affects Flink versions 1.11.0, 1.11.1, and 1.11.2, and was addressed in January 2021 in versions 1.11.3 or 1.12.0. Active exploitation was reported between November 2020 and January 2021, and it is recommended that federal agencies apply the latest fixes by June 13, 2024, to protect their networks against potential threats.