CVE-2018-8024

Description

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it is possible for a malicious user to construct a URL pointing to a Spark cluster's UI job and stage info pages, and if a user can be tricked into accessing the URL, it can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers, such as recent versions of Chrome and Safari, are able to block this type of attack, current versions of Firefox (and possibly others) do not.

Risk Information

Base Score: 5.4 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 43.702

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 60.7.3 | Windows
Multiple vulnerabilities affected in Mozilla_Firefox 60.7.3 | Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 2.1.3 | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 2.2.2 | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 2.3.1 | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.10 2.1.3 | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.10 2.2.2 | Windows
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 for Linux 2.1.3 | Linux
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 for Linux 2.2.2 | Linux
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.11 for Linux 2.3.1 | Linux
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.10 for Linux 2.1.3 | Linux
Vulnerabilities CVE-2018-1334, CVE-2018-8024 are fixed in Apache-spark-core_2.10 for Linux 2.2.2 | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-343016 | Mozilla Firefox (x64) (132.0.2)
PATCH-343015 | Mozilla Firefox (132.0.2)
PATCH-334457 | Mozilla Firefox (120.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2018-8024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8024