Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-21823
HistoryMar 11, 2022 - 12:00 a.m.

Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)

2022-03-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7

0.001 Low

EPSS

Percentile

19.1%

Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program’s use of a custom mutual authentication protocol that allows fully encrypted key recovery, which can be exploited by an attacker to decrypt plaintext traffic offline.

CPENameOperatorVersion
apache sparkle3.1.2

0.001 Low

EPSS

Percentile

19.1%