Lucene search
Veracode Vulnerability DatabaseVERACODE:34613HistoryMar 11, 2022 - 10:49 a.m.
Information Disclosure
2022-03-1110:49:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
19.2%
org.apache.spark:spark-hive-thriftserver_2.12 is vulnerable to information disclosure. The vulnerability allows someone to decrypt plaintext traffic offline because the library uses a bespoke mutual authentication protocol that allows for full encryption key recovery resulting in disclosure of sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spark project hive thrift server | le | 3.1.2 | |
| spark project hive thrift server | le | 3.1.2 |
Related
cve
cve
CVE-2021-38296
2022-03-10 09:15:07
osv
osv
Authentication Bypass by Capture-replay in Apache Spark
2022-03-11 00:02:36
CVE-2021-38296
2022-03-10 09:15:07
BIT-spark-2021-38296
2024-03-06 11:05:47
prion
prion
Authentication flaw
2022-03-10 09:15:00
cvelist
cvelist
CVE-2021-38296 Apache Spark Key Negotiation Vulnerability
2022-03-10 08:20:12
cnvd
cnvd
Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)
2022-03-11 00:00:00
nvd
nvd
CVE-2021-38296
2022-03-10 09:15:07
github
github
Authentication Bypass by Capture-replay in Apache Spark
2022-03-11 00:02:36
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00