exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2020-9480

больше 5 лет назад

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

CVSS3: 9.8

EPSS: Критический

CVE-2020-9480

больше 5 лет назад

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

CVSS3: 9.8

EPSS: Критический

CVE-2020-9480

больше 5 лет назад

In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...

CVSS3: 9.8

EPSS: Критический

GHSA-wgx7-jwwm-cgjv

почти 4 года назад

Improper Authentication in Apache Spark

CVSS3: 9.8

EPSS: Критический

BDU:2025-09903

больше 5 лет назад

Уязвимость компонента Analytics Server программной платформы Oracle Business Intelligence Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 9.8

EPSS: Критический

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2020-9480 In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).	CVSS3: 9.8	93% Критический	больше 5 лет назад
CVE-2020-9480 In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).	CVSS3: 9.8	93% Критический	больше 5 лет назад
CVE-2020-9480 In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...	CVSS3: 9.8	93% Критический	больше 5 лет назад
GHSA-wgx7-jwwm-cgjv Improper Authentication in Apache Spark	CVSS3: 9.8	93% Критический	почти 4 года назад
BDU:2025-09903 Уязвимость компонента Analytics Server программной платформы Oracle Business Intelligence Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 9.8	93% Критический	больше 5 лет назад

Уязвимостей на страницу