Description

Apache Spark is an open-source distributed general-purpose cluster-computing framework.

Spark REST is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Spark's services publicly accessible.

Remediation

It's recommended to restrict access to Apache Spark REST port

References

Apache Spark Security

Related Vulnerabilities

Apache mod_negotiation filename bruteforcing

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability

Unrestricted access to Haproxy Data Plane API

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Acumonitor