Vulnerabilities > CVE-2018-11760 - Unspecified vulnerability in Apache Spark

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

apache

NVD

Published: 2019-02-04

Updated: 2023-11-07

Summary

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Spark 1.0.2 Apache Spark 1.1.0 Apache Spark 1.1.1 Apache Spark 1.2.0 Apache Spark 1.2.1 Apache Spark 1.2.2 Apache Spark 1.3.0 Apache Spark 1.3.1 Apache Spark 1.4.0 Apache Spark 1.4.1 Apache Spark 1.5.0 Apache Spark 1.5.1 Apache Spark 1.5.2 Apache Spark 1.6.0 Apache Spark 1.6.1 Apache Spark 1.6.2 Apache Spark 1.6.3 Apache Spark 2.0.0 Apache Spark 2.0.1 Apache Spark 2.0.2 Apache Spark 2.1.0 Apache Spark 2.1.1 Apache Spark 2.1.2 Apache Spark 2.1.3 Apache Spark 2.3.0 Apache Spark 2.3.1 Apache Spark 2.2.0 Apache Spark 2.2.1 Apache Spark 2.2.2	53

Summary

Vulnerable Configurations

References