ID CVE-2018-8024
Summary In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI.
Vulnerable Configurations
Base: None
Last major update 12-07-2018 - 09:29
Published 12-07-2018 - 09:29
Last modified 12-07-2018 - 09:29
Back to Top