PT-2019-4410 · Apache · Apache Spark

Publicado

2019-01-28

Atualizado

2019-10-03

CVE-2018-11760

CVSS v4.0

6.8

Média

Vetor

AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Spark versions 1.x, 2.0.x, 2.1.x, 2.2.0 through 2.2.2, 2.3.0 through 2.3.1

Description The issue is related to insufficient access control in the PySpark interface of the Apache Spark framework. This can allow an attacker to elevate their privileges. A different local user can connect to the Spark application and impersonate the user running the Spark application.

Recommendations For versions 1.x, 2.0.x, 2.1.x, 2.2.0 through 2.2.2, 2.3.0 through 2.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2020-00135

CVE-2018-11760

GHSA-FVXV-9XXR-H7WJ

PYSEC-2019-169

Produtos afetados

Apache Spark

PT-2019-4410 · Apache · Apache Spark

CVE-2018-11760

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16