Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eHYtOXh4ci1oN3dq
Pyspark User Impersonation Vulnerability
When using PySpark, it is possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. PySpark's Python process and the JVM driver exchange commands and data over local TCP sockets; in affected versions those sockets did not authenticate the connecting peer, so another user on the same host who could reach them could drive the application as its owner (a local privilege escalation, which is why the CVSS vector below is AV:L with PR:L). This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1; the fix releases are 2.2.3 and 2.3.2.
Permalink: https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eHYtOXh4ci1oN3dq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 5 years ago
Updated: 8 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-fvxv-9xxr-h7wj, CVE-2018-11760
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-11760
- https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
- https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
- https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
- https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
- https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
- https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802
Affected Packages
pypi:pyspark
Dependent packages: 488
Dependent repositories: 6,227
Downloads: 29,032,123 last month
Affected Version Ranges:
- >= 1.0.2, < 2.2.3
- >= 2.3.0, < 2.3.2
Fixed in: 2.2.3, 2.3.2
All affected versions (PyPI releases only; 2.1.1 is the first pyspark release published on PyPI, so the earlier Spark versions named in the description have no PyPI artifact to list): 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1
All unaffected versions: 2.2.3, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1
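A version check a practitioner can run against an environment, added here as an example (it is not ecosyste.ms, GitHub Advisory Database or Apache Spark code). It encodes the two affected ranges and the fix releases from this page, classifies a version string (including pre-release and post-release forms the ranges do not spell out), and reads the installed pyspark version from distribution metadata without importing Spark. The function names and sample inputs are the example's own.

```python
"""Classify pyspark versions against the CVE-2018-11760 affected ranges.

Added example for this advisory page, not code from ecosyste.ms, GitHub or
the Apache Spark project. The ranges and fix releases are copied from the
"Affected Version Ranges" and "Fixed in" fields above; everything else
(function names, sample inputs) is the example's own.
"""
import importlib.metadata
import re
from typing import Optional, Tuple

Key = Tuple[int, int, int, int]

# (inclusive lower bound, exclusive upper bound) pairs from the advisory.
AFFECTED_RANGES = [
    ("1.0.2", "2.2.3"),
    ("2.3.0", "2.3.2"),
]
# Fix releases from the advisory, in ascending order.
FIXED_IN = ("2.2.3", "2.3.2")

_VERSION_RE = re.compile(
    r"^\s*v?(?P<release>\d+(?:\.\d+)*)"
    r"(?P<pre>(?:[.\-_]?(?:a|b|rc|alpha|beta|c|dev)\d*))?",
    re.IGNORECASE,
)


def version_key(version: str) -> Key:
    """Map a version string to a comparable (major, minor, patch, flag) tuple.

    Only the numeric release segment and whether a pre-release/dev marker
    follows it are considered. A pre-release of X sorts just below X
    (flag -1), so "2.3.2rc1" and "2.3.2.dev0" are still treated as affected,
    while "2.3.2" and "2.3.2.post1" are treated as fixed. Local identifiers
    ("+local") and any text after the first pre-release marker are ignored.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group("release").split(".")]
    parts = (parts + [0, 0, 0])[:3]  # pad "2.3" to (2, 3, 0)
    flag = -1 if m.group("pre") else 0
    return (parts[0], parts[1], parts[2], flag)


def is_affected(version: str) -> bool:
    """True when `version` falls inside any affected range of the advisory."""
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def minimum_fixed_version(version: str) -> Optional[str]:
    """Smallest release from the advisory's "Fixed in" list that is above
    `version`, or None when `version` is not affected."""
    if not is_affected(version):
        return None
    key = version_key(version)
    for fixed in FIXED_IN:
        if version_key(fixed) > key:
            return fixed
    return None  # not reachable with the ranges above (all affected < 2.3.2)


def installed_pyspark_status() -> Optional[Tuple[str, bool]]:
    """Return (version, affected) for the pyspark in this environment, or None
    if it is not installed. Reads distribution metadata rather than
    pyspark.__version__, so Spark is never imported or started."""
    try:
        version = importlib.metadata.version("pyspark")
    except importlib.metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)


if __name__ == "__main__":
    # Constructed sample inputs covering both ranges and the edge forms.
    for v in ["2.1.1", "2.2.2", "2.2.3", "2.3.1", "2.3.2rc1",
              "2.3.2", "2.3.2.post1", "3.5.1"]:
        print(f"pyspark {v:<12} affected={is_affected(v)!s:<5} "
              f"upgrade_to={minimum_fixed_version(v)}")
    status = installed_pyspark_status()
    print("installed pyspark:",
          "not installed" if status is None else f"{status[0]} affected={status[1]}")
```

Pre-releases are deliberately sorted below their final release: a build tagged 2.3.2rc1 predates the 2.3.2 fix and must not be reported as patched. Post-releases and local version labels are sorted with the final release, which matches how PyPI orders them.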