CVE-2018-11760

Severity: 5.5 (MEDIUM)
EPSS: 0.5% (top 35.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4; latest update Feb 7

Description

When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Affected versions
PyPI | pyspark | 2.3.0 to 2.3.2 (+1 more range)
NVD | apache/spark | 1.0.2 to 1.6.3 (+4 more ranges)
CVEListV5 | apache_software_foundation/apache_spark | Apache Spark 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1

Vulnerability Details (4)

GHSA | Pyspark User Impersonation Vulnerability | 2019-02-07
OSV | Pyspark User Impersonation Vulnerability | 2019-02-07
CVEList | CVE-2018-11760: When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark applicati | 2019-02-04
OSV | CVE-2018-11760: When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark applicati | 2019-02-04

Vendor Advisories (2)

Red Hat | spark: local privilege escalation when using PySpark | 2019-01-28
Apache | Apache spark: CVE-2018-11760

Community (1)

Bugzilla | CVE-2018-11760 apache spark: local privilege escalation when using PySpark | 2019-02-05
CVE-2018-11760 (MEDIUM CVSS 5.5) | When using PySpark | cvebase.io