CVE-2021-38296
Vulnerability from cvelistv5
Published
2022-03-10 08:20
Modified
2024-08-04 01:37
Severity ?
Summary
Apache Spark Key Negotiation Vulnerability
References
security@apache.orghttps://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smdMailing List, Vendor Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Apache Software FoundationApache Spark
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:37:16.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.1.2",
              "status": "affected",
              "version": "up to and including version 3.1.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Steve Weis (Databricks)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Spark supports end-to-end encryption of RPC connections via \"spark.authenticate\" and \"spark.network.crypto.enabled\". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by \"spark.authenticate.enableSaslEncryption\", \"spark.io.encryption.enabled\", \"spark.ssl\", \"spark.ui.strictTransportSecurity\". Update to Apache Spark 3.1.3 or later"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:31:48",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Spark Key Negotiation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-38296",
          "STATE": "PUBLIC",
          "TITLE": "Apache Spark Key Negotiation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Spark",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "up to and including version 3.1.2",
                            "version_value": "3.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Steve Weis (Databricks)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Spark supports end-to-end encryption of RPC connections via \"spark.authenticate\" and \"spark.network.crypto.enabled\". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by \"spark.authenticate.enableSaslEncryption\", \"spark.io.encryption.enabled\", \"spark.ssl\", \"spark.ui.strictTransportSecurity\". Update to Apache Spark 3.1.3 or later"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-294 Authentication Bypass by Capture-replay"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-38296",
    "datePublished": "2022-03-10T08:20:12",
    "dateReserved": "2021-08-09T00:00:00",
    "dateUpdated": "2024-08-04T01:37:16.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-38296\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-03-10T09:15:07.000\",\"lastModified\":\"2023-02-09T02:02:03.483\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Spark supports end-to-end encryption of RPC connections via \\\"spark.authenticate\\\" and \\\"spark.network.crypto.enabled\\\". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by \\\"spark.authenticate.enableSaslEncryption\\\", \\\"spark.io.encryption.enabled\\\", \\\"spark.ssl\\\", \\\"spark.ui.strictTransportSecurity\\\". Update to Apache Spark 3.1.3 or later\"},{\"lang\":\"es\",\"value\":\"Apache Spark soporta el cifrado de extremo a extremo de las conexiones RPC por medio de \\\"spark.authenticate\\\" y \\\"spark.network.crypto.enabled\\\". En versiones 3.1.2 y anteriores, usa un protocolo de autenticaci\u00f3n mutua a medida que permite la recuperaci\u00f3n total de la clave de cifrado. Despu\u00e9s de un ataque interactivo inicial, esto permitir\u00eda a alguien descifrar el tr\u00e1fico de texto plano fuera de l\u00ednea. Tenga en cuenta que esto no afecta a los mecanismos de seguridad controlados por \\\"spark.authenticate.enableSaslEncryption\\\", \\\"spark.io.encryption.enabled\\\", \\\"spark.ssl\\\", \\\"spark.ui.strictTransportSecurity\\\". Actualice a Apache Spark versi\u00f3n 3.1.3 o posterior\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]},{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.3\",\"matchCriteriaId\":\"064126C5-A909-4417-A1C6-A9D50375F926\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F091C7-0869-4FD6-AC73-DA697D990304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D134C60-F9E2-46C2-8466-DB90AD98439E\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.