This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 less than or equal to 1.11.2. The JobManager REST API fails to validate user-supplied log file paths, allowing retrieval of arbitrary files with the privileges of the web server user. This Metasploit module has been tested successfully on Apache Flink version 1.11.2 on Ubuntu 18.04.4.
776647522193812481f55a112c7a98a591a11cb7829c40e7841d4b5813acf9fa
Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
45c967c8a201b1f39d4acd990e209ab0096988439ff4cec5216e3227f4f3dc4b
Red Hat Security Advisory 2021-3205-01 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
2c0be2bf30994c0e78e9f0282ebe4ea1c42cf7bd92b633df388b40a2dc8c649c
Red Hat Security Advisory 2021-3140-01 - This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, bypass, code execution, cross site scripting, denial of service, deserialization, information leakage, man-in-the-middle, memory leak, resource exhaustion, server-side request forgery, remote SQL injection, and traversal vulnerabilities.
7b87634aaeff995c7acbe482688b36f551a706a54a262f6607bd35c528818502
Red Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.
a86c00be6acf79cfc141fb047b2a8d856fd69b40c660eaa8ec6d9b8a5a91d313
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Red Hat Security Advisory 2020-5149-01 - Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6.
ae040d80529f54eb92eb0fd38e2a45abadc228521f0e608f7b65bb3d75caee9c
Red Hat Security Advisory 2020-4444-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a use-after-free vulnerability.
37cad4f15ed87aa0f841fe0fb1f9b66f9b1c76d5c5a9b57f07addf4008ac6b9e
Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
ad00074c48095e1094b2946c458fba7c26cd42996ac22eb17a94175a5a0b9a15
Gentoo Linux Security Advisory 202006-4 - Multiple vulnerabilities have been found in glibc, the worst of which could result in a Denial of Service condition. Versions less than 2.30-r8 are affected.
8e804e61c570461a121e03cc5c0c1632ad0438c908933088e1ab806e85ffb9b7