Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-38296 Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later. | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| CVE-2021-38296 Apache Spark supports end-to-end encryption of RPC connections via "sp ... | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| GHSA-9rr6-jpg7-9jg6 Authentication Bypass by Capture-replay in Apache Spark | CVSS3: 7.5 | 1% Low | almost 4 years ago |