漏洞描述 (Vulnerability description)
An Apache Spark Web UI was detected exposing environment variables and application information without authentication. The Environment page and the `/api/v1/applications` REST endpoint list Spark properties, runtime information and application metadata, which can reveal sensitive configuration details to anyone who can reach the UI.
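# Nuclei template: unauthenticated Apache Spark Web UI / REST API exposure.
# Two probes are sent (max-request: 2): the REST endpoint /api/v1/applications
# and the UI's /environment/ page. A 200 response whose body carries the
# "Spark"/"Java" markers plus at least one Spark-specific key is reported.
id: apache-spark-env

info:
  name: Apache Spark Environment - Exposure
  author: 0x_Akoko
  severity: medium
  description: |
    Detected Apache Spark Web UI exposed environment variables and application information without authentication, potentially revealing sensitive configuration details.
  reference:
    - https://spark.apache.org/docs/latest/monitoring.html
  classification:
    # Network-reachable, no privileges or user interaction; only confidentiality
    # is affected (information disclosure), hence PR:N/C:L/I:N/A:N.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.title:"Spark" http.html:"Environment"
  # Fixed: the tag was spelled "missconfig", so selecting templates with
  # `-tags misconfig` silently skipped this one.
  tags: apache,spark,misconfig,environment,bigdata

http:
  - method: GET
    path:
      # REST API listing applications (JSON with sparkUser / appSparkVersion).
      - "{{BaseURL}}/api/v1/applications"
      # Driver UI Environment page (Runtime Information / Spark Properties).
      - "{{BaseURL}}/environment/"

    # Report on the first path that matches; the remaining path is not sent.
    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          # Both words must be present (case-sensitive) to reduce matches on
          # unrelated pages that merely return 200.
          - 'contains_all(body, "Spark", "Java")'
          # At least one Spark-specific marker from either the REST JSON
          # (sparkProperties, appSparkVersion, spark.app.name, sparkUser) or
          # the UI page (Runtime Information, Spark Properties).
          - 'contains_any(body, "sparkProperties", "appSparkVersion", "Runtime Information", "Spark Properties", "spark.app.name", "sparkUser")'
        # All three DSL expressions must hold for a match.
        condition: and
# NOTE(review): any edit to this file (including the tag fix above) invalidates
# the "# digest:" trailer that follows, which is presumably the template
# signature nuclei verifies; re-sign the template (nuclei -sign) before
# redistributing it, otherwise it will be flagged as unsigned/modified.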
# digest: 490a00463044022078924ea1f80ad9044d298b2fc19bde312887fdf1adee260d521984c67ea45e5a02207dc1f787ff35c335bb3aec138f058b9d30eb62dfc31ec239d331f67e24c53fbf:922c64590222798bb761d5b6d8e72950