POC详情: 2e3bc87a8f219b2f946b67e80558ab5c0cd5dd18

来源
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-9480.yaml
关联漏洞
标题: Apache Spark 访问控制错误漏洞 (CVE-2020-9480)
描述:Apache Spark是美国阿帕奇(Apache)基金会的一款支持非循环数据流和内存计算的大规模数据处理引擎。 Apache Spark 2.4.5及之前版本中存在访问控制错误漏洞。攻击者可利用该漏洞在主机上执行shell命令。
描述
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).
文件快照

 id: CVE-2020-9480

info:
  name: Apache Spark - Authentication Bypass
  author: riteshs4hu
  severit

...
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。