Pyspark User Impersonation Vulnerability

GHSA-fvxv-9xxr-h7wj · CVE-2018-11760 · PYSEC-2019-169

Published Feb 7, 2019 · Modified Dec 4, 2024

Description

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-11760
ADVISORY https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
WEB https://github.com/apache/spark
WEB https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
WEB https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
WEB https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
WEB https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
WEB https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes