{"api_version":"1","generated_at":"2026-04-22T22:49:26+00:00","cve":"CVE-2020-9480","urls":{"html":"https://cve.report/CVE-2020-9480","api":"https://cve.report/api/cve/CVE-2020-9480.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9480","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9480"},"summary":{"title":"CVE-2020-9480","description":"In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).","state":"PUBLIC","assigner":"security@apache.org","published_at":"2020-06-23 22:15:00","updated_at":"2023-11-07 03:26:00"},"problem_types":["CWE-306"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b%40%3Cuser.spark.apache.org%3E","name":"[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d%40%3Ccommits.submarine.apache.org%3E","name":"[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E","name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E","name":"[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E","name":"[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E","name":"[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://spark.apache.org/security.html#CVE-2020-9480","name":"https://spark.apache.org/security.html#CVE-2020-9480","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security | Apache Spark","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b%40%3Ccommits.doris.apache.org%3E","name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2%40%3Cdev.spark.apache.org%3E","name":"[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9480","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9480","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9480","vulnerable":"1","versionEndIncluding":"2.4.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"spark","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9480","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"business_intelligence","cpe6":"5.5.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-9480","ASSIGNER":"security@apache.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apache Software Foundation","product":{"product_data":[{"product_name":"Apache Spark","version":{"version_data":[{"version_value":"Apache Spark 2.4.5 and earlier"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://spark.apache.org/security.html#CVE-2020-9480","url":"https://spark.apache.org/security.html#CVE-2020-9480"},{"refsource":"MLIST","name":"[spark-user] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","url":"https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E"},{"refsource":"MLIST","name":"[spark-dev] 20200803 Re: CVE-2020-9480: Apache Spark RCE vulnerability in auth-enabled standalone master","url":"https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E"},{"refsource":"MLIST","name":"[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #475: There is a vulnerability in Apache Spark 2.3.4,upgrade recommended","url":"https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E"},{"refsource":"MLIST","name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5593: [FE][Bug] Update Spark version to fix a security issue","url":"https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuApr2021.html"}]},"description":{"description_data":[{"lang":"eng","value":"In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc)."}]}},"nvd":{"publishedDate":"2020-06-23 22:15:00","lastModifiedDate":"2023-11-07 03:26:00","problem_types":["CWE-306"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9480","Ordinal":"169871","Title":"CVE-2020-9480","CVE":"CVE-2020-9480","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9480","Ordinal":"1","NoteData":"In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9480","Ordinal":"2","NoteData":"2020-06-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9480","Ordinal":"3","NoteData":"2021-06-14","Type":"Other","Title":"Modified"}]}}}