CVE-2018-1334
N/A
N/A
Summary
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Spark | 1.0.0 to 2.1.2 | affected |
| Apache Software Foundation | Apache Spark | 2.2.0 to 2.2.1 | affected |
| Apache Software Foundation | Apache Spark | 2.3.0 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://spark.apache.org/security.html#CVE-2018-1334
- https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
References
- https://spark.apache.org/security.html#CVE-2018-1334
- https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.