⚠ Actively exploited
Added to CISA KEV on 2023-03-07. Federal agencies required to patch by 2023-03-28. Required action: Apply updates per vendor instructions.

Severity: 8.8 HIGH
EPSS: 93.5% (top 0.17%)
CISA KEV: Added 2023-03-07, Due 2023-03-28
Exploit: Exploited in wild; active exploitation observed

Timeline
Published: Jul 18
KEV added: Mar 7
KEV due: Mar 28
Latest update: May 2
CISA Required Action: Apply updates per vendor instructions.

Description

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input,

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

Maven | org.apache.spark:spark-parent_2.12 | 3.1.1 | 3.2.2+ | 1
CVEList V5 | apache_software_foundation/apache_spark | 3.1.1 | 3.2.2+ | 3
NVD | apache/spark | 3.1.1 | 3.1.2+ | 2
PyPI | pyspark | 3.1.1 | 3.2.2+ | 4

🔴 Vulnerability Details (6)

GHSA: Apache Spark UI vulnerable to Command Injection (2023-05-02)
GHSA: Apache Spark UI can allow impersonation if ACLs enabled (2022-07-19)
OSV: Apache Spark UI can allow impersonation if ACLs enabled (2022-07-19)
CVEList: Apache Spark shell command injection vulnerability via Spark UI (2022-07-18)
OSV: CVE-2022-33891: The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark (2022-07-18)

💥 Exploits & PoCs (1)

Nuclei: Apache Spark UI - Remote Command Injection

📋 Vendor Advisories (4)

CISA: Apache Spark Command Injection Vulnerability (2023-03-07)
Red Hat: apache-spark: Apache Spark shell command injection vulnerability via Spark UI (2022-07-18)
Apache: Apache spark: CVE-2022-33891
Apache: Apache spark: CVE-2023-32007
CVE-2022-33891 (HIGH CVSS 8.8) | The Apache Spark UI offers the poss | cvebase.io