CVE-2018-11760

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11760
Aliases
Published
2019-02-04T17:29:00Z
Modified
2025-01-14T07:22:52.588822Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

References

Affected packages

Git / github.com/apache/spark

Affected versions

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.2-rc1
v2.1.2-rc2
v2.1.2-rc3
v2.1.2-rc4
v2.1.3
v2.1.3-rc1
v2.1.3-rc2
v2.2.0
v2.2.1
v2.2.1-rc1
v2.2.1-rc2
v2.2.2
v2.2.2-rc1
v2.2.2-rc2
v2.3.0
v2.3.1
v2.3.1-rc1
v2.3.1-rc2
v2.3.1-rc3
v2.3.1-rc4