1. Summary 

Vulnerability Name Apache Spark Command Injection Vulnerability (CVE-2022-33891)
Release Time July 19, 2022
Component Name Apache Spark
Affected Versions Apache Spark ≤3.0.3
3.1.1≤ Apache Spark ≤3.1.2
3.2.0≤ Apache Spark ≤3.2.1
Vulnerability Type Command Injection
Exploitability Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Impact Severity: CVSS v3 Base Score 8.8 (High)
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

2. About CVE-2022-33891

2.1 Introduction

Apache Spark is an open-source, distributed system for processing big data workloads. It utilizes in-memory caching and optimized query execution for fast queries against data of any size.

Apache Spark provides APIs for popular programming languages, including Java, Scala, Python and R. It offers code reuse across many workloads such as batch processing, interactive queries, real-time analytics, machine learning, and graph processing.

2.2 Summary

On July 18, 2022, Sangfor FarSight Labs received a notice about the Apache Spark Command Injection vulnerability (CVE-2022-33891), classified as high severity with a CVSS Base Score of 8.8.

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as.

Figure 1. Exploits of CVE-2022-33891 detected by Sangfor from Sep 17 to Oct 16, 2022

Figure 1. Exploits of CVE-2022-33891 detected by Sangfor from Sep 17 to Oct 16, 2022

3. Affected Versions

Apache Spark ≤3.0.3

3.1.1≤ Apache Spark ≤3.1.2

3.2.0≤ Apache Spark ≤3.2.1

4. Solutions

4.1 Remediation Solutions

4.1.1 Check the Component Version

Run spark-shell command. The version information will be displayed.

CVE-2022-33891 solution

4.1.2 Apache Solution

Users can update their affected products to the latest version to fix the vulnerability:

https://spark.apache.org/downloads.html

4.2. Sangfor Solutions

4.2.1. Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Apache Spark Command Injection vulnerability (CVE-2022-33891):

4.2.2. Security Protection

The following Sangfor products and services provide protection against the Apache Spark Command Injection vulnerability (CVE-2022-33891):

5. Timeline

On July 18, 2022, Sangfor FarSight Labs received a notice about the Apache Spark Command Injection vulnerability (CVE-2022-33891).

On July 19, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference 

https://nvd.nist.gov/vuln/detail/CVE-2022-33891

https://github.com/apache/spark/pull/35946

7. Learn More 

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

New TellYouThePass Ransomware Variant Discovered In The Wild

Date : 25 Mar 2024
Read Now

New Mallox Ransomware Variant Discovered In The Wild

Date : 12 Mar 2024
Read Now

Multiple Vulnerabilities in VMware Products (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255)

Date : 08 Mar 2024
Read Now

See Other Product

Best Darktrace Cyber Security Competitors and Alternatives in 2024
Sangfor Omni-Command
Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall