CVE-2018-8024 in Apache and Mozilla Products
Published on July 12, 2018

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, it can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.

NVD


Products Associated with CVE-2018-8024

Apache Spark
Mozilla Firefox

Affected Versions

Apache Software Foundation Apache Spark:

Exploit Probability

EPSS: 43.70%
Percentile: 97.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.