{"containers":{"cna":{"affected":[{"product":"Apache Spark","vendor":"Apache","versions":[{"status":"affected","version":"2.3.2 and below"}]}],"descriptions":[{"lang":"en","value":"Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs."}],"problemTypes":[{"descriptions":[{"description":"Unencrypted data","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-06-22T23:06:18.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["x_refsource_MISC"],"url":"https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e%40%3Cuser.spark.apache.org%3E"},{"name":"[spark-issues] 20200318 [jira] [Commented] (SPARK-28626) Spark leaves unencrypted data on local disk, even with encryption turned on (CVE-2019-10099)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2%40%3Cissues.spark.apache.org%3E"},{"name":"[spark-commits] 20200622 [spark-website] branch asf-site updated: CVE-2020-9480 details (#275)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae%40%3Ccommits.spark.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2019-10099","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Spark","version":{"version_data":[{"version_value":"2.3.2 and below"}]}}]},"vendor_name":"Apache"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Unencrypted data"}]}]},"references":{"reference_data":[{"name":"https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E","refsource":"MISC","url":"https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E"},{"name":"[spark-issues] 20200318 [jira] [Commented] (SPARK-28626) Spark leaves unencrypted data on local disk, even with encryption turned on (CVE-2019-10099)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E"},{"name":"[spark-commits] 20200622 [spark-website] branch asf-site updated: CVE-2020-9480 details (#275)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T22:10:09.549Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e%40%3Cuser.spark.apache.org%3E"},{"name":"[spark-issues] 20200318 [jira] [Commented] (SPARK-28626) Spark leaves unencrypted data on local disk, even with encryption turned on (CVE-2019-10099)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2%40%3Cissues.spark.apache.org%3E"},{"name":"[spark-commits] 20200622 [spark-website] branch asf-site updated: CVE-2020-9480 details (#275)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae%40%3Ccommits.spark.apache.org%3E"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2019-10099","datePublished":"2019-08-07T16:18:46.000Z","dateReserved":"2019-03-26T00:00:00.000Z","dateUpdated":"2024-08-04T22:10:09.549Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}