CVE-2022-33891 PoC — Apache Spark shell command injection vulnerability via Spark UI

Source

https://github.com/W01fh4cker/cve-2022-33891

Associated Vulnerability

Title:Apache Spark shell command injection vulnerability via Spark UI (CVE-2022-33891)
Description:The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

Description

cve-2022-33891-poc

Readme

# cve-2022-33891
Usage:
```python
pip3 install requests

# If you do not use the -d parameter, the dnslog domain name will be automatically applied for you.
# 如果你不使用-d参数，则会自动为您申请dnslog域名。

python3 cve_2022_33891_poc.py -u http://127.0.0.1
python3 cve_2022_33891_poc.py -f url.txt

python3 cve_2022_33891_poc.py -u http://127.0.0.1 -d ngpc6c.dnslog.cn
python3 cve_2022_33891_poc.py -f url.txt -d ngpc6c.dnslog.cn

```
Example:  
![](https://s2.loli.net/2022/07/20/LboBqMyTXEpVAkF.png)

File Snapshot


 [4.0K]  /data/pocs/73e0c0abfe7e5a6732b2f1b33ecbbff0b79be560
├── [4.0K]  cve_2022_33891_poc.py
└── [ 524]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!