8 matches found
Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.
Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...
Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Spark privilege escalation vulnerabilitiy [ CVE-2023-22946]
Summary Potential Apache Spark privilege escalation vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-22946 Vulnerability Details CVEID:CVE-2023-22946...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID:CVE-2023-22946 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using...
CVE-2023-22946
creationtimestamp| type| source ---|---|--- 2023-04-17 12:28:12+00:00| seen| https://t.me/cibsecurity/62264...
abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +215 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.4)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:PYSEC-2023-44...
CVE-2023-22946
CVE-2023-22946 affects Apache Spark prior to 3.4.0. An attacker can abuse a proxy-user configuration by placing malicious configuration classes on the classpath, enabling code execution with the privileges of the submitting user (e.g., in environments using Livy). The vulnerability arises when sp...
CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...