
Are there any effects on Spark2 from CVE-2022-33891?

New Contributor

I'm checking whether there are any effects on Spark2 from CVE-2022-33891 or not.

Is there anyone who can explain it to me?


avatar

Hello @rki_, how could we see or configure it to disable ACLs?
Thanks for your answer.

Super Collaborator

Hi, inside Spark, you can check for spark.history.ui.acls.enable and spark.acls.enable. These should be false by default.

https://spark.apache.org/docs/2.4.3/security.html#authentication-and-authorization

avatar

Hi @rki_, unfortunately, on my Kerberos cluster (HDP 2.6.5), I can't find it in Spark from Ambari.
Do I need to activate them specifically in the custom Spark configs even if it's disabled (false) by default?

Super Collaborator

Hi, those parameters won't be exposed by Ambari and would be false by default. The parameters would go into Custom spark-defaults. As they are disabled by default, I would suggest not to enable them.
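
An added example (not part of the thread, and not Cloudera or Spark project code): one way to check the text of a spark-defaults.conf for the two properties named earlier in this thread. The function names, script name and sample file content are constructed for illustration; unset properties are reported as false, the default stated in the replies, and backslash line continuations are not handled.

```python
import re
import sys

# Property names from the replies in this thread; both are false when unset.
ACL_KEYS = ("spark.acls.enable", "spark.history.ui.acls.enable")

# Constructed sample content, not taken from a real cluster.
SAMPLE = """\
spark.master                      yarn
spark.eventLog.dir                hdfs:///spark2-history/
spark.history.ui.acls.enable=false
spark.acls.enable                 false
# a later line for the same key overrides the earlier one
spark.acls.enable: TRUE
"""

def parse_spark_defaults(text):
    """Parse spark-defaults.conf text, which Spark loads as Java properties.

    Handles 'key value', 'key=value' and 'key: value'; skips blank lines and
    '#'/'!' comments; the last occurrence of a key wins.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^\s=:]+)\s*[=:\s]\s*(.*)$", line)
        key, value = (m.group(1), m.group(2)) if m else (line, "")
        props[key] = value.strip()
    return props

def acl_status(text):
    """Return {property: bool} for the two ACL switches (unset -> False)."""
    props = parse_spark_defaults(text)
    return {k: props.get(k, "false").lower() == "true" for k in ACL_KEYS}

if __name__ == "__main__":
    # Usage: python3 check_spark_acls.py /path/to/spark-defaults.conf
    # (script name and path are placeholders; with no argument the sample is used)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for key, enabled in acl_status(text).items():
        print(f"{key} = {str(enabled).lower()}")
```

This only reflects the file it is given; the same properties can also be passed with --conf at submit time or set in application code.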

avatar

Hello @rki, as I can't find those parameters in Ambari, is it possible to enforce disabling it (spark.enable.acls = false) in Ambari (Custom Spark-defaults)?

Or maybe it's not possible to expose it in Ambari at all!

Thanks in advance.

New Contributor

Hello Jero, can you please let me know where you saw the parameters and how you handled it?

New Contributor

Hello @rki_, we are using CDH 6.3.4 and we have Spark on YARN.
Below are the version details:

Welcome to
      ____              __
     / __/__  ___ _____/ /__
    _\ \/ _ \/ _ `/ __/  '_/
   /___/ .__/\_,_/_/ /_/\_\   version 2.4.0-cdh6.3.4
      /_/

Using Scala version 2.11.12, OpenJDK 64-Bit Server VM, 1.8.0_342
Branch HEAD
Compiled by user jenkins on 2022-01-10T17:29:31Z
Revision HEAD
Url
Type --help for more information.

Are we affected? If yes, can you please tell us how to remediate it?

Thanks in Advance,

Sagar