
CVE-2020-9480 Scanner
CVE-2020-9480 Scanner - Unauthorized Admin Access vulnerability in Apache Spark
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 9 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Apache Spark is an open-source, distributed computing system that is primarily used for big data processing. It provides optimizations on top of Hadoop and supports a variety of computing needs, including stream processing, interactive queries, and batch processing. Spark's computational model is based on data parallelism and fault tolerance, making it suitable for processing large data sets across many servers and clusters. It is used by data engineers and data scientists for diverse applications such as machine learning, graph processing, and real-time stream analytics. Its ability to run in multiple environments, such as standalone, on Apache Mesos, or on YARN, adds to its versatility and widespread use across industries. The software is popular among major organizations for accelerating big data analytics, which also makes it a common component of collaborative environments.
Unauthorized Admin Access is a critical security vulnerability that occurs when authentication mechanisms are improperly configured, allowing attackers to gain administrative access they are not entitled to. In this case, Apache Spark versions 2.4.5 and earlier are vulnerable when configured with the standalone resource manager. The vulnerability allows attackers to execute remote commands without presenting valid authentication credentials, so it is important to address this issue swiftly. This gap in the security configuration could allow malicious actors to use unauthenticated RPC calls to read or alter configurations, thereby compromising system integrity. Correcting these improper configurations is crucial to maintaining a secure Apache Spark deployment.
Technically, unauthorized users can interact with the Spark master API through specially crafted RPC calls. Because authentication configuration is handled improperly, these calls can execute shell commands on the host machine without authenticated access. The vulnerable endpoints include the submission API, where POST requests can start Spark jobs with arbitrary parameters. This flaw allows remote attackers to execute arbitrary commands on Spark clusters that use the standalone resource manager. Exploitation requires a specific HTTP request to the Spark master that bypasses the authentication mechanisms meant to secure the deployment of application resources. Securing Spark configurations against this kind of abuse is paramount to protecting clusters from remote attacks.
Exploiting this vulnerability could have several adverse effects, including unauthorized execution of shell commands that puts data integrity and confidentiality at risk. Attackers may deploy arbitrary applications or gain privileged access to the Spark cluster, causing service disruption or data breaches. Such unauthorized access poses a severe risk of data leakage, system compromise, or resource misuse, and can serve as a foothold for further attacks on connected systems. If left unpatched, organizations running affected Spark versions may experience critical security incidents affecting operational integrity. Fixing the misconfiguration is essential to protect against exploitation and to mitigate the risks associated with unauthorized access. The threat needs immediate attention to ensure robust security for systems operating Apache Spark.
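The paragraphs above point at two defender-side checks: whether the deployed version is in the affected range (2.4.5 and earlier) and whether the master's authentication settings are weak. The script below is an added example, written for this page; it is not the scanner's code and not part of Apache Spark. It parses a spark-defaults.conf text plus a reported version string and returns findings. The configuration keys it inspects (spark.authenticate, spark.authenticate.secret, spark.master.rest.enabled) are real Spark settings; the two sample configurations and the host name are constructed for the example.

```python
"""Configuration and version check for the weaknesses described on this page.

Added example, not the scanner's own code and not Apache Spark code. It flags:
  * a Spark version in the affected range (2.4.5 and earlier),
  * RPC authentication (spark.authenticate) not enabled,
  * the REST submission endpoint (spark.master.rest.enabled) switched on,
    which accepts POST job submissions on the master.
"""
from typing import Dict, List, Tuple

AFFECTED_MAX_VERSION = (2, 4, 5)  # page: "versions 2.4.5 and earlier"


def parse_spark_conf(text: str) -> Dict[str, str]:
    """Parse spark-defaults.conf lines ('key value' or 'key=value', '#' comments)."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line and " " not in line.split("=", 1)[0]:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            if len(parts) != 2:
                continue
            key, value = parts
        conf[key.strip()] = value.strip()
    return conf


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.4.5' or '3.0.0-preview' into a comparable tuple (2, 4, 5)."""
    core = version.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def check_spark_master(conf: Dict[str, str], version: str) -> List[str]:
    """Return finding codes for a standalone master; empty list means hardened."""
    findings: List[str] = []
    if parse_version(version) <= AFFECTED_MAX_VERSION:
        findings.append("VULNERABLE_VERSION")  # upgrade beyond 2.4.5
    if conf.get("spark.authenticate", "false").lower() != "true":
        findings.append("RPC_AUTH_DISABLED")   # master accepts unauthenticated RPC
    elif not conf.get("spark.authenticate.secret"):
        findings.append("RPC_AUTH_NO_SECRET")  # auth enabled but no shared secret set
    if conf.get("spark.master.rest.enabled", "false").lower() == "true":
        findings.append("REST_SUBMISSION_ENABLED")  # POST submission API reachable
    return findings


# Constructed sample: the weak settings the page warns about.
WEAK_CONF = """
spark.master               spark://spark-master.example.internal:7077
spark.authenticate         false
spark.master.rest.enabled  true
"""

# Constructed sample: the corrected settings (secret is a placeholder, not a real value).
HARDENED_CONF = """
spark.master               spark://spark-master.example.internal:7077
spark.authenticate         true
spark.authenticate.secret  REPLACE-WITH-A-LONG-RANDOM-SECRET
spark.master.rest.enabled  false
"""


def demo() -> Dict[str, List[str]]:
    """Run both samples; the weak one on 2.4.5, the hardened one on 2.4.6."""
    return {
        "weak": check_spark_master(parse_spark_conf(WEAK_CONF), "2.4.5"),
        "hardened": check_spark_master(parse_spark_conf(HARDENED_CONF), "2.4.6"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'no findings'}")
```

Point the script at the master's spark-defaults.conf and the version reported by the master web UI; a non-empty list for a host running the standalone resource manager is what this scanner's positive result corresponds to, and upgrading past 2.4.5 is the fix that removes the first finding regardless of configuration.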
REFERENCES