CVE advisory | Known Exploit
CVE-2022-33891
Apache Spark UI Command Execution Vulnerability.
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in Apache Spark's UI allows unauthorized users to execute arbitrary commands, potentially leading to system compromise. Attackers can exploit this by providing specific input to the UI, resulting in the execution of commands with the Spark user's privileges. This presents a significant business risk.