Lucene search
Redhat.comRH:CVE-2020-9480HistoryOct 13, 2020 - 8:19 p.m.
CVE-2020-9480
2020-10-1320:19:43
redhat.com
access.redhat.com
15
apache spark
standalone resource manager
master
authentication
shared secret
rpc
shell commands
host machine
vulnerability
cve-2020-9480
EPSS
0.03
Percentile
90.9%
In Apache Spark 2.4.5 and earlier, a standalone resource manager’s master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application’s resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).
Related
nessus
nessus
Apache Spark < 2.4.6 RCE (CVE-2020-9480)
2023-03-10 00:00:00
ibm
ibm
osv
osv
BIT-spark-2020-9480
2024-03-06 11:05:59
PYSEC-2020-95
2020-06-23 22:15:00
Improper Authentication in Apache Spark
2022-02-10 23:05:20
checkpoint_advisories
checkpoint_advisories
Apache Spark Remote Code Execution (CVE-2020-9480)
2020-11-05 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-06-23 01:03:15
nvd
nvd
CVE-2020-9480
2020-06-23 22:15:14
cve
cve
CVE-2020-9480
2020-06-23 22:15:14
prion
prion
Authentication flaw
2020-06-23 22:15:00
cvelist
cvelist
CVE-2020-9480
2020-06-23 21:50:51
github
github
Improper Authentication in Apache Spark
2022-02-10 23:05:20
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00