CVE-2018-11760

Summary

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SparkApache Spark 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References