CVE-2018-11760

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Spark
Vendor: CVE Published:; 4 February 2019

Summary

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Affected Version(s)

Apache Spark Apache Spark 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1

References

http://www.securityfocus.com/bid/106786

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/a86ee93d07b6f61b82b6...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/6d015e56b3a3da968f86...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2019
Vulnerability Reserved
Jun 5, 2018