Apache Spark <= 3.0.3 / 3.1.1 < 3.1.3 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)

high Nessus Plugin ID 173429


The remote host contains a web application that is affected by a remote command execution vulnerability.


A remote code execution vulnerability exists in Apache Spark. The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.


Upgrade Apache Spark to 3.1.3, 3.2.2, 3.3.0, or later.

See Also


Plugin Details

Severity: High

ID: 173429

File Name: apache_spark_rce_cve-2022-33891.nasl

Version: 1.0

Type: remote

Family: Misc.

Published: 3/27/2023

Updated: 3/27/2023

Risk Information


Risk Factor: High

Score: 8.4


Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-33891


Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:spark

Required KB Items: installed_sw/Apache Spark

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/17/2022

Vulnerability Publication Date: 7/17/2022

CISA Known Exploited Vulnerability Due Dates: 3/28/2023

Exploitable With

Metasploit (Apache Spark Unauthenticated Command Injection RCE)

Reference Information

CVE: CVE-2022-33891