Access Control: Apache Flink - Remote Code Execution¶
Identifier:
apache_flink_unauth_rce
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Apache Flink contains unauthenticated remote code execution vulnerabilities, allowing attackers to execute arbitrary commands without authentication.
How we test: We test for unauthenticated remote code execution vulnerabilities in Apache Flink by attempting to execute commands without authentication and analyzing responses to detect if arbitrary code execution is possible.
Reference:
- https://www.exploit-db.com/exploits/48978
- https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3
- https://github.com/LandGrey/flink-unauth-rce
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.