CVE-2022-31777
Apache Spark XSS vulnerability in log viewer UI Javascript
Public Exploits: 0
Exploited in Wild: -
Descriptions
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user by including a malicious payload in the logs, which is then returned in the logs rendered in the UI.
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the logs, which would be returned in the logs rendered in the user interface.
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user by including a malicious payload in the logs, which are returned in the logs rendered in the UI.
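As an added illustration (not Apache Spark's code and not its patched viewer), the following hypothetical JavaScript shows the rendering pattern the descriptions refer to, a log viewer that concatenates raw log text into HTML, next to the escaping fix; the log lines are constructed samples:

```javascript
// Added example (not Apache Spark's code): a log viewer that builds HTML
// from raw log text is a stored-XSS sink; escaping the text closes it.
// Both renderers are hypothetical; the log lines below are constructed.

// Map every character with meaning in HTML to its entity so that log
// content can only ever be displayed as text, never parsed as markup.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: log text is concatenated straight into the HTML.
// Whatever reached the log (for example through an attacker-controlled
// job name or message) is interpreted by the browser as markup.
function renderLogUnsafe(lines) {
  return '<pre class="log">' + lines.join('\n') + '</pre>';
}

// Hardened pattern: escape each line before it enters the HTML string.
// The browser shows the exact log text, but as inert characters.
function renderLogSafe(lines) {
  return '<pre class="log">' + lines.map(escapeHtml).join('\n') + '</pre>';
}

// Review/test guard: does a raw tag of the given name survive in the
// rendered output? Only the wrapping <pre> is legitimate here.
function containsRawTag(html, tagName) {
  return new RegExp('<' + tagName + '[\\s>]', 'i').test(html);
}

// Constructed sample: two ordinary lines and one line carrying markup
// that must be displayed, not executed, when the log is viewed.
const SAMPLE_LOG_LINES = [
  '22/11/01 10:00:01 INFO Executor: Finished task 0.0 in stage 1.0',
  '22/11/01 10:00:02 WARN TaskSetManager: Lost task 1.0 in stage 1.0',
  '22/11/01 10:00:03 INFO Job name: <script>alert("log-xss")</script> & done',
];
```

Running `containsRawTag(renderLogUnsafe(SAMPLE_LOG_LINES), 'script')` returns true while the same check on `renderLogSafe` returns false, which is the property a viewer's unit tests should pin down.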
Timeline
- 2022-05-27 CVE Reserved
- 2022-11-01 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-28 EPSS Updated
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
References (4)
URL | Tag | Source
---|---|---
http://www.openwall.com/lists/oss-security/2022/11/01/14 | Mailing List |
https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q | Mailing List |

URL | Date | SRC
---|---|---
https://access.redhat.com/security/cve/CVE-2022-31777 | 2023-05-03 |
https://bugzilla.redhat.com/show_bug.cgi?id=2145264 | 2023-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Spark | < 3.2.2 | - | Affected
Apache | Spark | 3.3.0 | - | Affected