On Apache Flink dashboards

I've recently come across an interesting misconfiguration, this time in Apache Flink.

What is Flink?

Flink is a framework for stateful computation over data streams. Its JobManager serves a web dashboard and a REST API on the same port, 8081 by default (the rest.port setting).

What are data streams?

Per the Flink documentation: "Any kind of data is produced as a stream of events. Credit card transactions, sensor measurements, machine logs, or user interactions on a website or mobile application, all of these data are generated as a stream."


Flink dashboards look like this.

There is no authentication required to access them. Flink ships no authentication for the web UI or the REST API, so unless the operator has put an authenticating reverse proxy or network controls in front of it, anyone who can reach port 8081 has the same access as the cluster administrator.

Why are they dangerous?

Well, you see the "Submit New Job" section? Yeah. That lets you upload .jar files and run them. The browser is optional: the same thing is reachable through the REST API (POST /jars/upload, then POST /jars/<jar-id>/run), and the main method of the uploaded jar executes inside the JobManager's JVM. Whoever can upload a jar therefore runs arbitrary code as the Flink service account, on a host that usually holds credentials for whatever sources and sinks the jobs talk to.
Metasploit ships a module for exactly this (exploit/multi/http/apache_flink_jar_upload_exec), so RCE is a few commands away.
If jobs are submitted some other way, set web.submit.enable: false (which also removes the /jars endpoints), bind the REST endpoint to a private interface with rest.bind-address, and put the dashboard behind a proxy that authenticates. Hiding the UI alone does nothing, since the REST API is what the UI calls.

And this concludes my short post on Flink. Until next time :)