
CVE-2018-11770 : What You Need to Know


The REST job-submission API exposed by Apache Spark's standalone master, and reused by the Mesos cluster dispatcher, performs no authentication, so anyone who can reach it can submit a driver program to the cluster.

Understanding CVE-2018-11770

Starting with version 1.3.0, Apache Spark's standalone master exposes a REST API for job submission alongside the RPC-based path used by spark-submit. The flaw is that this REST API has no authentication mechanism at all, and that this was not adequately documented.

What is CVE-2018-11770?

        From version 1.3.0 onward, the standalone master offers a REST API for job submission (listening on 'spark.master.rest.port', 6066 by default) in addition to the submission mechanism used by spark-submit.
        In standalone mode, 'spark.authenticate.secret' establishes a shared secret that authenticates requests submitted through spark-submit, but the REST API does not use this or any other authentication mechanism, and the documentation did not make that clear.
        Mesos deployments are exposed through the same code path: when Spark on Mesos runs in cluster mode (with MesosClusterDispatcher), the dispatcher uses this REST API for job submission.

The Impact of CVE-2018-11770

        An unauthenticated client that can reach the REST port can submit and run an arbitrary driver program on the cluster. It cannot, however, use the REST API to launch executors, so the impact is bounded to what a driver can do on the master host and within the network the master can reach.
        Because operators who had set 'spark.authenticate.secret' reasonably assumed the cluster was protected, the exposure was easy to overlook and could remain open to any network peer for the life of the deployment.

Technical Details of CVE-2018-11770

Apache Spark vulnerability details and affected systems.

Vulnerability Description

        The standalone master's REST job-submission API (and the Mesos cluster dispatcher that reuses it) accepts submissions without any authentication, ignoring 'spark.authenticate.secret', which only protects the spark-submit RPC path. An attacker can therefore run a driver program without credentials, though not launch executors through this API.

Affected Systems and Versions

        Product: Apache Spark
        Vendor: Apache Software Foundation
        Versions Affected: 1.3.0 up to and including the 2.3.x releases (everything before 2.4.0); fixed in 2.4.0

Exploitation Mechanism

        An attacker with network access to the master's REST port (6066 by default) sends a job submission request directly to the REST API, bypassing the shared-secret check that applies only to spark-submit. The submitted driver program then runs on the cluster with no credentials having been presented; launching executors through the REST API is not possible.

Mitigation and Prevention

Protecting systems from CVE-2018-11770 and enhancing security measures.

Immediate Steps to Take

        Disable the REST API on the standalone master by setting 'spark.master.rest.enabled' to 'false' in the master's configuration (for example in conf/spark-defaults.conf). On versions before 2.4.0 the REST server starts unless this is explicitly set.
        Do not rely on 'spark.authenticate.secret' to protect the REST API; it only authenticates the spark-submit path. If the REST API must stay enabled, restrict network access to the REST port so that only trusted submitters can reach it.
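The check a practitioner would want to run against every standalone master is whether the REST server is actually off. As an added example (not code from the page or from the Apache Spark project), the following script parses a spark-defaults.conf, applies the version-dependent default for 'spark.master.rest.enabled' (true before 2.4.0, false from 2.4.0 onward), and flags both the open REST port and a 'spark.authenticate.secret' that gives a false sense of protection. The two configuration snippets are constructed sample input, not captured from a real deployment.

```python
"""Audit a Spark standalone master's spark-defaults.conf for CVE-2018-11770 exposure.

Added example, not part of the Apache Spark project. Assumes the Spark
properties-file format (one 'key value' or 'key=value' per line, '#' comments).
"""
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# java.util.Properties rules, which Spark uses to load spark-defaults.conf:
# the key ends at the first whitespace, '=' or ':'; one optional '='/':'
# and surrounding whitespace separate it from the value.
_PROPERTY_LINE = re.compile(r"^(?P<key>[^\s=:]+)\s*[=:]?\s*(?P<value>.*)$")

# Constructed sample: a pre-2.4.0 master whose operator set a shared secret
# and believed the cluster was protected. The REST server still starts.
VULNERABLE_CONF = """
# conf/spark-defaults.conf (constructed sample)
spark.master                     spark://master.internal:7077
spark.authenticate               true
spark.authenticate.secret        s3cret
"""

# Constructed sample: the same file with the REST API explicitly disabled.
HARDENED_CONF = VULNERABLE_CONF + "spark.master.rest.enabled   false\n"


def parse_spark_properties(text: str) -> Dict[str, str]:
    """Return the properties in the file; a repeated key keeps its last value."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _PROPERTY_LINE.match(line)
        if match:
            props[match.group("key")] = match.group("value").strip()
    return props


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.3.1' -> (2, 3, 1); a '-SNAPSHOT' style suffix is ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version.split("-")[0]))


def rest_api_enabled(props: Dict[str, str], spark_version: str) -> bool:
    """Effective value of spark.master.rest.enabled for this Spark version."""
    # Before 2.4.0 the REST server started unless the operator disabled it;
    # 2.4.0 flipped the default to false as part of the fix.
    default = "true" if version_tuple(spark_version) < (2, 4, 0) else "false"
    return props.get("spark.master.rest.enabled", default).strip().lower() == "true"


def audit(conf_text: str, spark_version: str) -> List[str]:
    """List the CVE-2018-11770 findings for one master's configuration."""
    props = parse_spark_properties(conf_text)
    findings: List[str] = []
    if rest_api_enabled(props, spark_version):
        port = props.get("spark.master.rest.port", "6066")
        findings.append(
            f"REST job-submission API is enabled on port {port} and accepts "
            "submissions without authentication"
        )
        if "spark.authenticate.secret" in props:
            findings.append(
                "spark.authenticate.secret is set, but it only protects the "
                "spark-submit path and does not protect the REST API"
            )
    return findings


if __name__ == "__main__":
    for label, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        results = audit(conf, "2.3.1")
        print(f"{label}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```

Run it against the real conf/spark-defaults.conf of each master, passing the Spark version actually deployed; a clean result on 2.4.0 or later with no explicit setting is expected, because the default changed there.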

Long-Term Security Practices

        Upgrade to Apache Spark 2.4.0 or later, where the REST API is disabled by default in the standalone master, setting 'spark.authenticate.secret' while the REST API is enabled is refused, and the documentation states the limitation.
        Treat the master and its REST port as internal infrastructure: restrict network access to authorized submitters only and monitor for submissions arriving on the REST port from unexpected sources.

Patching and Updates

        Track security announcements from the Apache Spark project and apply releases that address this and related issues; 2.4.0 is the first release that ships the fix.
