Apache Livy Unauthorized File Access Vulnerability

Vulnerability

A vulnerability in Apache Livy versions 0.7.0 and 0.8.0, when connected to Apache Spark 3.1 or later, allows unauthorized file access. The issue arises from malicious configuration requests that include Spark configuration values supported from Spark 3.1 onwards. A user who has access to Livy's REST or JDBC interface and can send requests with arbitrary Spark configuration values can gain access to files they do not have permission to access.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files, bypassing normal permission restrictions.

Remediation

Users are advised to upgrade to Apache Livy version 0.9.0 or later, which addresses this vulnerability.

Added: Mar 13, 2026, 8:25 PM
Updated: Mar 13, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.2
exploitability: 4.5
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.