Description

Apache Spark is an open-source distributed general-purpose cluster-computing framework.

Spark Web UI is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Spark's services publicly accessible.

Remediation

It's recommended to restrict access to Apache Spark Web UI

References

Apache Spark Security

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5505)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)

Misconfigured Access-Control-Allow-Origin Header

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration