Cross-Site Scripting Vulnerability in Apache Spark UI
CVE-2018-8024
What is CVE-2018-8024?
In specific versions of Apache Spark, a cross-site scripting vulnerability exists that enables an attacker to create a malicious URL leading to a Spark cluster’s user interface. If a user inadvertently follows this link, it can result in the execution of malicious scripts that could compromise their view of the Spark UI. Although modern browsers such as Chrome and Safari have implemented measures to block such attacks, older versions of Firefox and potentially other browsers may still be susceptible, putting users at risk of information exposure.

Affected Version(s)
Apache Spark 1.0.0 to 2.1.2
Apache Spark 2.2.0 to 2.2.1
Apache Spark 2.3.0
References
EPSS Score
43% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved