CVE-2018-11760
MEDIUM 5.5 | EPSS 0.16% | PySpark User Impersonation Vulnerability
Published: 2019/2/7 | Modified: 2024/12/4
Description
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
Affected packages (2)
- PyPI/pyspark >= 2.3.0, < 2.3.2
- PyPI/pyspark >= 2.3.0, < 2.3.2, >= 1.0.2, < 2.2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (9)
- ADVISORY https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-11760
- WEB https://github.com/apache/spark
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
- WEB https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
- WEB https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
- WEB https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
- WEB https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802
- WEB http://www.securityfocus.com/bid/106786