CVE-2018-11760
Pyspark User Impersonation Vulnerability
5.5
MEDIUM
CVSS 3.1
EPSS 0.16%
Description
When using PySpark, it is possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
How to fix CVE-2018-11760
To remediate CVE-2018-11760, upgrade the affected package to a fixed version below.
- PyPI/pyspark—upgrade to 2.3.2 or later
- —upgrade to 2.3.2 or later
Is CVE-2018-11760 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.3.0, < 2.3.2
- >= 2.3.0, < 2.3.2, >= 1.0.2, < 2.2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |