Unauthenticated Spark REST API
By kannthu
Critical
Vidoc Module
#spark
#unauth
Description
Author: princechaddha
Classification
CWE-ID: CWE-77
CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS-Score: 10
The Spark product's REST API interface allows access to unauthenticated users.
Reference
- https://xz.aliyun.com/t/2490
Remediation
Restrict access to the exposed API ports.
Metadata
max-request: 1
Module preview
Concurrent Requests (1)
1. HTTP Request template
GET /v1/submissions
Matching conditions
status: 400
and
word: Missing an action, serverSparkVersion
Passive global matcher
No matching conditions.
On match action
Report vulnerability