Описание
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
A flaw was found in Apache Spark. This flaw allows a malicious user to impersonate another user and jeopardize the environment by executing shell commands.
Отчет
Red Hat Middleware as Data Grid 7 and Fuse 7 products listed in this CVE page does not ship Apache Spark with their source code or binaries. Those who ship Apache Spark partially do are running versions < 3.x. Since 3.x is written in Scala and 2.x is written in Java, there's a difference in their source code. In 2.4 version this demands 'spark.acls.enable' which comes disabled by default, needs to be set 'true' in order to be vulnerable. Red Hat Middleware stack does not have this option enabled.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 3 | apache-spark | Not affected | ||
| Red Hat Fuse 7 | apache-spark | Not affected | ||
| Red Hat Integration Camel K 1 | apache-spark | Not affected | ||
| Red Hat JBoss Data Grid 7 | apache-spark | Not affected |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
The Apache Spark UI offers the possibility to enable ACLs via the conf ...
Apache Spark UI can allow impersonation if ACLs enabled
Уязвимость интерфейса фреймворка Apache Spark, позволяющая нарушителю выполнить произвольную команду
8.8 High
CVSS3