CVE-2018-11760

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11760

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11760.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11760

Aliases

Published

2019-02-04T17:29:00Z

Modified

2025-01-14T07:22:52.588822Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

References

Affected packages

Git / github.com/apache/spark

Affected ranges

Type: GIT
Repo: https://github.com/apache/spark
Events: Introduced

8fb6f00e195fb258f3f70f04756e07c259a2351f

Last affected

1e860747458d74a4ccbd081103a0542a2367b14b

Introduced

992447fb30ee9ebb3cf794f2d06f4d63a2d792db

Last affected

30aaa5a3a1076ca52439a905274b1fcf498bc562

Introduced

13650fc58e1fcf2cf2a26ba11c819185ae1acc1f

Last affected

584354eaac02531c9584188b143367ba694b0c34

Introduced

cd0a08361e2526519e7c131c42116bf56fa62c76

Last affected

b7eac07b957b9fdb8ecb318a2c6c9f8b354a2ee3

Introduced

a2c7b2133cfee7fa9abfaa2bfbfb637155466783

Last affected

fc28ba3db7185e84b6dbd02ad8ef8f1d06b9e3c6

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.1.2-rc1

v2.1.2-rc2

v2.1.2-rc3

v2.1.2-rc4

v2.1.3

v2.1.3-rc1

v2.1.3-rc2

v2.2.0

v2.2.1

v2.2.1-rc1

v2.2.1-rc2

v2.2.2

v2.2.2-rc1

v2.2.2-rc2

v2.3.0

v2.3.1

v2.3.1-rc1

v2.3.1-rc2

v2.3.1-rc3

v2.3.1-rc4