CVE-2018-1334

Summary

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Spark1.0.0 to 2.1.2affected
Apache Software FoundationApache Spark2.2.0 to 2.2.1affected
Apache Software FoundationApache Spark2.3.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References