Is CVE-2018-8024 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Spark

CVE-2018-8024

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used…

EPSS: 0.611 (98.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Spark — versions 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, 2.3.0

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
H4cksploit/CVEs-master
RhinoSecurityLabs/CVEs
likekabin/CVEs_
likescam/CVEs_
merlinepedra/RHINOECURITY-CVEs
merlinepedra25/RHINOSECURITY-CVEs
nattimmis/CVE-Collection
sunzu94/AWS-CVEs

References

spark.apache.org/security.html (x_refsource_CONFIRM)
[dev] 20180711 CVE-2018-8024 Apache Spark XSS vulnerability in UI (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2018-8024?: CVE-2018-8024 is a vulnerability in Apache Software Foundation Spark. Published 2018-07-12.
Is CVE-2018-8024 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.