Apache Spark Unencrypted Data Vulnerability

By GIXnews


A vulnerability in Apache Spark could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to a cryptographic issue in the affected software that allows user data to be written to the local disk unencrypted in certain situations, even if the spark.io.encryption.enabled property is set to true. An attacker could exploit this vulnerability to access sensitive information, such as unencrypted user data on a targeted system. A successful exploit could be used to conduct further attacks.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-10099

Source: Cisco Multivendor Vulnerability Alerts