CVE-2018-11760 – pyspark
Package
Manager: pip
Name: pyspark
Vulnerable Version: >=2.3.0 <2.3.2 || >=1.0.2 <2.2.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.005 (percentile 0.64933)
Details
PySpark User Impersonation Vulnerability
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
Metadata
Created: 2019-02-07T18:02:21Z
Modified: 2024-10-24T21:44:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-fvxv-9xxr-h7wj/GHSA-fvxv-9xxr-h7wj.json
CWE IDs: []
Alternative ID: GHSA-fvxv-9xxr-h7wj
Finding: F039
Auto approve: 1