{"id":"CVE-2018-11760","details":"When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.","aliases":["GHSA-fvxv-9xxr-h7wj","PYSEC-2019-169"],"modified":"2026-04-10T04:04:39.614236Z","published":"2019-02-04T17:29:00.280Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e%40%3Ccommits.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b%40%3Cuser.spark.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106786"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/spark","events":[{"introduced":"8fb6f00e195fb258f3f70f04756e07c259a2351f"},{"last_affected":"1e860747458d74a4ccbd081103a0542a2367b14b"},{"introduced":"13650fc58e1fcf2cf2a26ba11c819185ae1acc1f"},{"last_affected":"584354eaac02531c9584188b143367ba694b0c34"},{"introduced":"cd0a08361e2526519e7c131c42116bf56fa62c76"},{"last_affected":"b7eac07b957b9fdb8ecb318a2c6c9f8b354a2ee3"},{"introduced":"a2c7b2133cfee7fa9abfaa2bfbfb637155466783"},{"last_affected":"fc28ba3db7185e84b6dbd02ad8ef8f1d06b9e3c6"},{"introduced":"992447fb30ee9ebb3cf794f2d06f4d63a2d792db"},{"last_affected":"30aaa5a3a1076ca52439a905274b1fcf498bc562"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"last_affected":"1.6.3"},{"introduced":"2.0.0"},{"last_affected":"2.0.2"},{"introduced":"2.1.0"},{"last_affected":"2.1.3"},{"introduced":"2.2.0"},{"last_affected":"2.2.2"},{"introduced":"2.3.0"},{"last_affected":"2.3.1"}]}}],"versions":["v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.1.2","v2.1.2-rc1","v2.1.2-rc2","v2.1.2-rc3","v2.1.2-rc4","v2.1.3","v2.1.3-rc1","v2.1.3-rc2","v2.2.0","v2.2.1","v2.2.1-rc1","v2.2.1-rc2","v2.2.2","v2.2.2-rc1","v2.2.2-rc2","v2.3.0","v2.3.1","v2.3.1-rc1","v2.3.1-rc2","v2.3.1-rc3","v2.3.1-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11760.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}