CVE-2018-1334

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*

History

07 Nov 2023, 02:55

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E', 'name': '[dev] 20180711 CVE-2018-1334 Apache Spark local privilege escalation vulnerability', 'tags': ['Mailing List', 'Mitigation', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E -

Information

Published : 2018-07-12 13:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-1334

Mitre link : CVE-2018-1334

CVE.ORG link : CVE-2018-1334


JSON object : View

Products Affected

apache

  • spark
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor