How severe is CVE-2018-8024?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2018-8024?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2018-8024 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.

Related Vulnerabilities

CVE-2016-1786

MEDIUM

CVSS:5.4(Medium)

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the d...

CWE-2002016

CVE-2016-5014

MEDIUM

CVSS:5.4(Medium)

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

CWE-2002016

CVE-2017-10337

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vuln...

CWE-2002017

CVE-2018-10581

MEDIUM

CVSS:5.4(Medium)

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated T...

CWE-2002018

CVE-2018-17091

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.

CWE-2002018

CVE-2018-1999030

MEDIUM

CVSS:5.4(Medium)

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.j...

CWE-2002018