Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eHYtOXh4ci1oN3dq

Pyspark User Impersonation Vulnerability

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Permalink: https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eHYtOXh4ci1oN3dq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 5 years ago
Updated: 8 months ago

CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-fvxv-9xxr-h7wj, CVE-2018-11760
References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-11760
• https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
• https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
• https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
• https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
• https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
• https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802

Blast Radius: 20.9

Affected Packages