Is CVE-2022-33891 patched on this host?
Apache Spark configured with spark.acls.enable set to true is vulnerable to remote code execution via the doAs paramater.
This TTP attempts to access the doAs paramater, if it does successfully then it will attempt to run a shell command.
This exploit is very easy to use, reliable and effects many Apache Spark versions.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)