Apache Spark UI Vulnerability List
Found 3 vulnerabilities related to Apache Spark UI
- CVE-2022-33891: Apache Spark UI - Remote Command Injection POC
  Shodan: title:"Spark Master at" Fofa: title="Spark Master at"
- CVE-2018-8024: Apache Spark UI - Cross-Site Scripting POC
  Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint.
- CVE-2022-33891: Apache Spark UI - Remote Command Injection POC
  Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1.