CVE-2021-38296— Apache Spark Key Negotiation Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-38296
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Spark Key Negotiation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用捕获-重放进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Spark 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Spark是美国阿帕奇(Apache)基金会的一款支持非循环数据流和内存计算的大规模数据处理引擎。 Apache Spark 3.1.2 版本及更早版本存在加密问题漏洞,该漏洞源于 Apache Spark 使用定制的相互身份验证协议,允许完全加密密钥恢复。该漏洞允许攻击者在初始交互式攻击之后,离线解密明文流量。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Spark | up to and including version 3.1.2 ~ 3.1.2 | - |
II. Public POCs for CVE-2021-38296
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-38296
请登录查看更多情报信息。
- https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smdx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-38296
IV. Related Vulnerabilities
Same product: Apache Spark
- CVE-2025-54920
Apache Spark: Spark History Server Code Execution Vulnerabil - CVE-2025-55039
Apache Spark, Apache Spark: RPC encryption defaults to unaut - CVE-2023-32007
Apache Spark: Shell command injection via Spark UI - CVE-2023-22946
Apache Spark proxy-user privilege escalation from malicious - CVE-2022-31777
Apache Spark XSS vulnerability in log viewer UI Javascript
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-294
- CVE-2026-41351
OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via B - CVE-2026-35618
OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only - CVE-2026-34209
mppx: Tempo has a session close voucher bypass vulnerability - CVE-2026-32987
OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Devic - CVE-2026-27855
Open-Xchange OX Dovecot Pro 安全漏洞
V. Comments for CVE-2021-38296
No comments yet