Enhancement: vulnerabilities/other/unauth-spark-api.yaml by cs
parent
fd60d738d5
commit
420a995b14
|
@ -3,9 +3,14 @@ info:
|
|||
name: Unauthenticated Spark REST API
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: The remote Spark product's REST API interface does not appear to prevent unauthenticated users from accesing it.
|
||||
description: The Spark product's REST API interface allows access to unauthenticated users.
|
||||
remediation: Restrict access the exposed API ports.
|
||||
reference: https://xz.aliyun.com/t/2490
|
||||
tags: spark,unauth
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- "serverSparkVersion"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 2022/02/28
|
||||
|
|
Loading…
Reference in New Issue