
PoC details: c3fdaf5af899bebee19b35f1b96f0b6db01d547b

Source
Related vulnerability
Title: Apache Spark OS command injection vulnerability (CVE-2022-33891)
Description: Apache Spark is a large-scale data processing engine from the Apache Software Foundation (USA) that supports acyclic data flow and in-memory computation. Apache Spark contains an OS command injection vulnerability caused by improper input validation in the ACL feature of the Apache Spark UI. A remote attacker can exploit it by requesting a specially crafted URL to execute arbitrary OS commands on the target system.
Description
A PoC exploit for CVE-2022-33891 - Apache Spark UI Remote Code Execution (RCE)
Introduction
# CVE-2022-33891 - Apache Spark UI Remote Code Execution (RCE) 🔐

Apache Spark UI is susceptible to a remote command injection vulnerability identified as CVE-2022-33891. This flaw arises due to improper handling of user authentication and access control, specifically when Access Control Lists (ACLs) are enabled. With ACLs activated through the `spark.acls.enable` configuration option, an authentication filter is supposed to validate whether a user has the necessary permissions to view or modify the application. However, a vulnerability exists within the `HttpSecurityFilter` that allows for impersonation by supplying an arbitrary username.

## Vulnerability Details 🛠

When ACLs are enabled, a specific code path within `HttpSecurityFilter` fails to adequately verify user identities. This oversight permits an attacker to bypass the authentication mechanism and reach a permission check function. This function inadvertently constructs and executes a Unix shell command based on user-supplied input, leading to arbitrary code execution on the server hosting the Apache Spark UI.

### Affected Versions 🚨

The vulnerability impacts the following versions of Apache Spark:
- Versions 3.0.3 and earlier
- Versions 3.1.1 to 3.1.2
- Versions 3.2.0 to 3.2.1
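The two conditions the README gives for exposure (an affected release and `spark.acls.enable` turned on) translate directly into an inventory check. The following triage script is an added example written for this page; it is not part of the PoC repository or of Apache Spark. It assumes the version string comes from the `spark-submit --version` banner or a package manifest, and that ACLs are configured in `spark-defaults.conf` (Spark reads that file as Java properties, so `key value`, `key=value` and `key: value` all work, and only whole-line `#`/`!` comments are allowed). The sample configuration is constructed for the example.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive ranges copied from the "Affected Versions" list above.
# (0, 0, 0) is the floor for "3.0.3 and earlier".
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((0, 0, 0), (3, 0, 3)),
    ((3, 1, 1), (3, 1, 2)),
    ((3, 2, 0), (3, 2, 1)),
]

# Constructed sample spark-defaults.conf (not from any real deployment).
SAMPLE_CONF = """\
# constructed example: a cluster that has turned on the Spark UI ACL filter
spark.master            spark://master:7077
spark.ui.port           4040
spark.acls.enable       true
spark.ui.view.acls      alice,bob
"""


def parse_version(text: str) -> Version:
    """Normalise '3.2.1', 'v3.2' or '3.1.2-SNAPSHOT' to a three-part tuple."""
    core = re.split(r"[-+]", text.strip().lstrip("vV"), maxsplit=1)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Spark version string: {text!r}")
    nums = [int(p) for p in parts]
    nums += [0] * (3 - len(nums))
    return nums[0], nums[1], nums[2]


def is_affected_version(text: str) -> bool:
    """True when the version falls inside one of the published ranges."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def parse_spark_defaults(conf_text: str) -> Dict[str, str]:
    """Parse spark-defaults.conf in Java-properties style.

    Java properties have no inline comments, so only lines that start with
    '#' or '!' are skipped; the first '=', ':' or run of whitespace separates
    the key from the value (a value may itself contain ':').
    """
    settings: Dict[str, str] = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        pieces = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        key = pieces[0]
        value = pieces[1] if len(pieces) > 1 else ""
        settings[key] = value.strip()
    return settings


def acls_enabled(settings: Dict[str, str]) -> bool:
    """spark.acls.enable defaults to false when absent."""
    return settings.get("spark.acls.enable", "false").lower() == "true"


def triage(version: str, conf_text: str) -> str:
    """Combine the two advisory conditions into one status for an inventory."""
    affected = is_affected_version(version)
    acls = acls_enabled(parse_spark_defaults(conf_text))
    if affected and acls:
        return "VULNERABLE"            # affected release, ACL filter active
    if affected:
        return "AFFECTED_VERSION_ACLS_OFF"  # fix before anyone enables ACLs
    return "NOT_AFFECTED"


if __name__ == "__main__":
    for ver in ("3.2.1", "3.1.3", "2.4.8", "3.3.0"):
        print(ver, "->", triage(ver, SAMPLE_CONF))
```

The status `AFFECTED_VERSION_ACLS_OFF` is deliberately not reported as safe: `spark.acls.enable` can also be set from the command line or in application code, so a clean `spark-defaults.conf` does not prove the filter is off for every job. The only durable fix is upgrading past the listed ranges.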

## Proof of Concept (PoC) 💻

A Proof of Concept (PoC) has been developed to demonstrate the exploitability of this vulnerability. This PoC is intended strictly for educational and security research purposes, to aid in the understanding and mitigation of this flaw.

### Disclaimer ⚠️

The provided PoC is for educational and ethical hacking purposes only. Usage of the PoC for attacks against web applications or servers without prior mutual consent is illegal. The author assumes no liability and is not responsible for any misuse or damage caused by this material. Users are urged to use this information responsibly and ethically.
File snapshot

```
[4.0K] /data/pocs/c3fdaf5af899bebee19b35f1b96f0b6db01d547b
├── [7.2K] CVE-2022-33891.py
└── [1.9K] README.md

0 directories, 2 files
```
Notes
    1. Prefer accessing the PoC through its original source.
    2. If the source is unavailable or no longer accessible, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. ShenLong has snapshotted the PoC code for you; to support long-term maintenance, please consider paying or donating for the local PoC. Thank you for your support.