Описание
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache-spark | itp | package |
EPSS
Процентиль: 27%
0.00098
Низкий
Связанные уязвимости
CVSS3: 4.7
nvd
больше 7 лет назад
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
CVSS3: 4.7
github
почти 7 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
EPSS
Процентиль: 27%
0.00098
Низкий