
CVE-2023-32007 – Apache Spark: Shell command injection via Spark UI
https://notcve.org/view.php?id=CVE-2023-32007
02 May 2023 — The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute ... • http://www.openwall.com/lists/oss-security/2023/05/02/1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-22946 – Apache Spark proxy-user privilege escalation from malicious configuration class
https://notcve.org/view.php?id=CVE-2023-22946
17 Apr 2023 — In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClu... • https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv • CWE-269: Improper Privilege Management •

CVE-2022-31777 – Apache Spark XSS vulnerability in log viewer UI Javascript
https://notcve.org/view.php?id=CVE-2022-31777
01 Nov 2022 — A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. ... • http://www.openwall.com/lists/oss-security/2022/11/01/14 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2022-33891 – Apache Spark Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-33891
18 Jul 2022 — The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute ... • https://packetstorm.news/files/id/168309 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •