CVE-2022-33891
Description
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Severity: HIGH
CVE ID: CVE-2022-33891
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-33891
Reference: Project Discovery GitHub
W01fh4cker
cve-2022-33891-poc
Reference: GitHub
HuskyHacks
Apache Spark Shell Command Injection Vulnerability
Reference: GitHub
west-wind
Apache Spark Command Injection PoC Exploit for CVE-2022-33891
Reference: GitHub
AkbarTrilaksana
Reference: GitHub
llraudseppll
Apache Spark RCE
Reference: GitHub
AmoloHT
「💥」CVE-2022-33891 - Apache Spark Command Injection
Reference: GitHub
DrLinuxOfficial
CVE-2022-33891 Exploit For Apache Spark
Reference: GitHub
Vulnmachines
Apache Spark RCE - CVE-2022-33891
Reference: GitHub
ps-interactive
For CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd
Reference: GitHub
IMHarman
Reference: GitHub
elsvital
Reference: GitHub
K3ysTr0K3R
A PoC exploit for CVE-2022-33891 - Apache Spark UI Remote Code Execution (RCE)
Reference: GitHub
Content on GitHub
W01fh4cker | watchers:1133
Serein
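[Lazy person's tool] A graphical tool that batch-collects URLs and batch-runs various n-day checks against the collected URLs. It can be used for scenarios such as SRC vulnerability hunting, CNVD vulnerability hunting, 0-day exploitation, and building your own arsenal. It can batch-exploit Actively Exploited Atlassian Confluence 0Day CVE-2022-26134 and the DedeCMS v5.7.87 SQL injection CVE-2022-23337.
Reference: GitHub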