all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache Spark Unauthenticated Command Injection

Add to bookmarks
Sept. 8, 2022, 2:47 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs parameter by using a raw Linux command. It is triggered by a non-default setting called spark.acls.enable. This configuration setting spark.acls.enable should be set true in the Spark configuration to make the application vulnerable for this attack. …

apache command command injection injection spark

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6750-1 12 hours ago | packetstormsecurity.com
arbitrary code attacker browsing bypass +19
Ubuntu Security Notice USN-6743-3 12 hours ago | packetstormsecurity.com
attacker compromise kernel linux +8
Ubuntu Security Notice USN-6657-2 12 hours ago | packetstormsecurity.com
attacker dnsmasq dnssec issue +12
Ubuntu Security Notice USN-6749-1 12 hours ago | packetstormsecurity.com
arbitrary code attacker code context +11
Red Hat Security Advisory 2024-2060-03 13 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2024-2055-03 13 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4
Red Hat Security Advisory 2024-2045-03 13 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2044-03 13 hours ago | packetstormsecurity.com
advisory enterprise gnutls information +8
Red Hat Security Advisory 2024-2042-03 13 hours ago | packetstormsecurity.com
advanced advisory critical critical update +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Regional Leader, Cyber Crisis Communications

@ Google | United Kingdom
View on infosec-jobs.com

Regional Intelligence Manager, Compliance, Safety and Risk Management

@ Google | London, UK
View on infosec-jobs.com

Senior Analyst, Endpoint Security

@ Scotiabank | Toronto, ON, CA, M1K5L1
View on infosec-jobs.com

Software Engineer, Security/Privacy, Google Cloud

@ Google | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Security Engineer

@ Coinbase | Remote - USA
View on infosec-jobs.com
View more jobs