Workload misconfigurations

Apache Spark configuration without authentication

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • CCPA
  • ,
  • CPRA
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • PDPA
  • ,
  • UK Cyber Essentials

Description

We have detected an Apache Spark configuration file on the system which doesn't support authentication. This could allow unwanted users to easily gain access to the application and its data.