Lucene search
+L

CVE-2018-11770

🗓️ 13 Aug 2018 00:00:00Reported by apacheType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 121 Views🌐 WEB

Apache Spark standalone master's REST API lacks authentication mechanism, allowing unauthenticated job submission. Future versions will improve documentation and disable the REST API by default

Related
Detection
Affected
Refs
Paths
Social
NVD
Vulners
Node
apachesparkRange1.3.02.4.0
[
  {
    "product": "Apache Spark",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "version": "1.3.0",
        "versionType": "maven",
        "lessThan": "2.4.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
actionrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
clientSparkVersionrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
appArgsrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
appResourcerequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
environmentVariablesrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
mainClassrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
sparkPropertiesrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
spark.jarsrequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
spark.driver.superviserequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
spark.app.namerequest body/v1/submissions/createUnauthenticated REST API endpoint to submit Spark jobs via CreateSubmissionRequest (CVE-2018-11770).CWE-287
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 01:36Current
4.3Medium risk
Vulners AI Score4.3
CVSS 3.14.2
CVSS 24.9
EPSS0.6583
121