「💥」CVE-2022-33891 - Apache Spark Command Injection

Overview

「💥」CVE-2022-33891

Description

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

Vulnerable Code

private def getUnixGroups(username: String): Set[String] = {
    // The caller-controlled username is concatenated into a single string that
    // bash re-parses, so shell metacharacters in it become part of the command.
    val cmdSeq = Seq("bash", "-c", "id -Gn " + username)
    // we need to get rid of the trailing "\n" from the result of command execution
    Utils.executeAndGetOutput(cmdSeq).stripLineEnd.split(" ").toSet
}
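The snippet above is dangerous because of the `"bash", "-c", ... + username` construction rather than because of `id -Gn` itself. The following added example (not Spark's code and not the PoC from this repository) makes that concrete in Python: it tokenizes a constructed username the way a shell would, shows that passing the same string as one argv element keeps it inert, and adds an allowlist check before the lookup. The username regex and the function names are assumptions chosen for the example.

```python
"""Added example: shell-string group lookup vs. a hardened argv-based lookup."""
import re
import shlex
import subprocess

# Constructed illustrative input: a "username" carrying shell metacharacters.
# It is only tokenized below, never executed.
CONSTRUCTED_INPUT = "alice; echo injected"

# Conservative POSIX-style username allowlist (assumption: stricter than some
# systems permit; adjust to local policy).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def vulnerable_shell_words(username: str) -> list:
    """Mirror the vulnerable pattern: the username is concatenated into one
    string that `bash -c` would re-parse. Returns the tokens a POSIX shell
    would see (';' becomes a command separator) without running anything."""
    command_string = "id -Gn " + username
    lexer = shlex.shlex(command_string, posix=True, punctuation_chars=True)
    return list(lexer)


def argv_no_shell(username: str) -> list:
    """Same lookup as an argv list: no shell parses it, so the whole username,
    metacharacters included, is delivered to `id` as a single argument."""
    return ["id", "-Gn", username]


def is_valid_username(username: str) -> bool:
    """Allowlist check applied before any process is spawned."""
    return USERNAME_RE.fullmatch(username) is not None


def hardened_argv(username: str) -> list:
    """Hardened form: reject anything outside the allowlist, then build argv."""
    if not is_valid_username(username):
        raise ValueError(f"rejected username: {username!r}")
    return argv_no_shell(username)


def get_unix_groups(username: str) -> set:
    """Run the hardened lookup (needs a POSIX `id`); same shape as the Scala
    function in the vulnerable snippet, but no shell is ever involved."""
    result = subprocess.run(
        hardened_argv(username), capture_output=True, text=True, check=True
    )
    return set(result.stdout.strip().split())


if __name__ == "__main__":
    print("shell would see:", vulnerable_shell_words(CONSTRUCTED_INPUT))
    print("argv form:", argv_no_shell(CONSTRUCTED_INPUT))
    print("allowlisted:", is_valid_username(CONSTRUCTED_INPUT))
```

Running the module prints the token list for the shell form, where `;`, `echo` and `injected` appear as separate words, against the argv form, where the entire string is the third element. The allowlist is defence in depth: dropping the shell is what removes the injection, and the regex additionally stops oddly formed names from ever reaching `id`.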

Demo

[demo GIF not reproduced in this text]

Usage

pip install requests
git clone https://github.com/AmoloHT/CVE-2022-33891
cd CVE-2022-33891
python3 CVE-2022-33891.py -u http://TARGET.TLD

Reference

Owner: Amolo Hunters