Apache Spark Encryption Bypass

MEDIUM (6.5) No Patch (66 days)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.06% chance of exploitation (percentile: 18%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found


What is it?

Apache Spark is an open-source data processing engine used for big data analytics. This vulnerability affects the way Spark encrypts RPC communication between nodes, allowing a man-in-the-middle attacker to modify encrypted traffic and potentially compromise application data.

Am I affected?

You're affected if you use Apache Spark versions before 3.4.4, 3.5.2, and 4.0.0.
Check with: `grep spark.network.crypto.enabled /etc/spark/conf/spark-defaults.conf` (for Linux) or `grep spark.network.crypto.enabled C:\ProgramData\Apache\Spark-3.4.4\conf\spark-defaults.conf` (for Windows); grep `spark.network.crypto.cipher` the same way to confirm that `AES/GCM/NoPadding` is configured rather than the unauthenticated default.

Note: This vulnerability is specific to Apache Spark and not related to other software.

Affected Packages

maven: org.apache.spark:spark-core

Affected Products

Apache Software Foundation / Apache Spark

How to fix

  1. Configure `spark.network.crypto.cipher` to `AES/GCM/NoPadding` to enable authenticated encryption. Add the following lines to `spark-defaults.conf` (a whitespace-separated key/value file, not XML):
     ```
     spark.network.crypto.enabled   true
     spark.network.crypto.cipher    AES/GCM/NoPadding
     ```
  2. Enable SSL encryption by setting `spark.ssl.enabled` to `true` in the same file:
     ```
     spark.ssl.enabled              true
     ```
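The following script is an added example, not part of this advisory or of the Spark project: it parses a `spark-defaults.conf` and reports whether the settings from the "Am I affected?" check and the fix above are in place, which is more reliable than a bare grep because it honours comments, `key=value` syntax and duplicate keys. The two sample configurations embedded in it are constructed for the example; the script assumes that when `spark.network.crypto.cipher` is absent Spark falls back to its unauthenticated AES/CTR default.

```python
"""Audit spark-defaults.conf for the RPC encryption settings described above.

Added example, not part of the advisory. spark-defaults.conf is a Java
properties-style file: one key per line, separated from its value by
whitespace, '=' or ':'; '#' starts a comment. The sample configs below are
constructed for this example.
"""
import re
from typing import Dict, List, Optional

SAFE_CIPHER = "AES/GCM/NoPadding"   # authenticated mode named in the fix above

# Constructed sample: encryption switched on, but with the unauthenticated CTR cipher.
WEAK_CONF = """
# constructed sample spark-defaults.conf
spark.authenticate             true
spark.network.crypto.enabled   true
spark.network.crypto.cipher    AES/CTR/NoPadding
"""

# Constructed sample matching the fix section above (mixed '=' and whitespace syntax).
HARDENED_CONF = """
spark.authenticate             true
spark.network.crypto.enabled = true
spark.network.crypto.cipher    AES/GCM/NoPadding
spark.ssl.enabled              true
"""


def parse_spark_defaults(text: str) -> Dict[str, str]:
    """Return the key/value pairs of a spark-defaults.conf body; a later duplicate key wins."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=:]+", line, maxsplit=1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        conf[key] = value
    return conf


def _is_true(value: Optional[str]) -> bool:
    return value is not None and value.strip().lower() == "true"


def audit_rpc_encryption(conf: Dict[str, str]) -> List[str]:
    """Return findings for the three settings in the fix; an empty list means all are set."""
    findings: List[str] = []
    if not _is_true(conf.get("spark.network.crypto.enabled")):
        findings.append("spark.network.crypto.enabled is not true: RPC traffic is not encrypted")
    cipher = conf.get("spark.network.crypto.cipher")
    if cipher is None:
        # Assumption: with the key absent Spark falls back to the unauthenticated AES/CTR default.
        findings.append(f"spark.network.crypto.cipher is not set; configure {SAFE_CIPHER}")
    elif cipher != SAFE_CIPHER:
        findings.append(f"spark.network.crypto.cipher is {cipher}: not authenticated; configure {SAFE_CIPHER}")
    if not _is_true(conf.get("spark.ssl.enabled")):
        findings.append("spark.ssl.enabled is not true")
    return findings


def audit_file(path: str) -> List[str]:
    """Audit a spark-defaults.conf on disk, e.g. /etc/spark/conf/spark-defaults.conf."""
    with open(path, encoding="utf-8") as fh:
        return audit_rpc_encryption(parse_spark_defaults(fh.read()))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        results = audit_file(sys.argv[1])          # python audit.py /etc/spark/conf/spark-defaults.conf
    else:
        results = audit_rpc_encryption(parse_spark_defaults(WEAK_CONF))
    print("\n".join(results) if results else "OK: authenticated RPC encryption and SSL are configured")
```

Run it with the path to your `spark-defaults.conf` as the only argument; with no argument it audits the constructed weak sample and reports the CTR cipher and the missing `spark.ssl.enabled`. Settings applied elsewhere (for example via `SparkConf` in application code or `--conf` on the command line) are not visible to this file-based check.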

Immediate mitigations:
- Restrict network access to your Spark instance (firewall it from the public internet)
- Audit RPC traffic for suspicious patterns