CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class

🗓️ 17 Apr 2023 07:30:19Reported by apacheType

CVE-2023-22946 Apache Spark privilege escalatio

Reporter	Title	Published	Views	Family All 33
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation	31 Aug 202314:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark	28 Jun 202322:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Spark privilege escalation vulnerabilitiy [ CVE-2023-22946]	18 Jul 202314:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.	11 Oct 202314:19	–	ibm
Tenable Nessus	Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)	4 Oct 202300:00	–	nessus
Tenable Nessus	Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)	20 Oct 202300:00	–	nessus
BDU FSTEC	The vulnerability of the spark-submit function in the Apache Spark framework, which allows a hacker to execute arbitrary code.	6 Mar 202400:00	–	bdu_fstec
Circl	CVE-2023-22946	17 Apr 202312:28	–	circl
CNNVD	Apache Spark 安全漏洞	17 Apr 202300:00	–	cnnvd
CVE	CVE-2023-22946	17 Apr 202307:30	–	cve

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Spark",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv

17 Apr 2023 07:30Current

9.7High risk

Vulners AI Score9.7

CVSS 3.16.4

EPSS0.01109

CWE-269