.. / CVE-2022-33891

Exploit for Apache Spark UI - Remote Command Injection (CVE-2022-33891)

Description:

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1.

Nuclei Template

View the template here CVE-2022-33891.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-33891.yaml
Copy

References:

http://www.openwall.com/lists/oss-security/2023/05/02/1
https://nvd.nist.gov/vuln/detail/CVE-2022-33891
https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
https://github.com/W01fh4cker/cve-2022-33891