Bug 1672596 (CVE-2018-11760) - CVE-2018-11760 apache spark: local priviledge escalation when using PySpark
Summary: CVE-2018-11760 apache spark: local priviledge escalation when using PySpark
Status: NEW
Alias: CVE-2018-11760
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190128,repor...
Keywords: Security
Depends On:
Blocks: 1672613
TreeView+ depends on / blocked
 
Reported: 2019-02-05 11:51 UTC by msiddiqu
Modified: 2019-05-15 22:47 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description msiddiqu 2019-02-05 11:51:51 UTC
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Comment 5 Joshua Padman 2019-05-15 22:47:05 UTC
This vulnerability is out of security support scope for the following product:
 * Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.


Note You need to log in before you can comment on or make changes to this bug.