CVE-2018-1334

Description

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

Affected products

• Apache Software Foundation / Apache Spark1.0.0 to 2.1.2 – 1.0.0 to 2.1.2
• Apache Software Foundation / Apache Spark2.2.0 to 2.2.1 – 2.2.0 to 2.2.1
• Apache Software Foundation / Apache Spark2.3.0 – 2.3.0

References

• MISChttps://spark.apache.org/security.html#CVE-2018-1334
• MAILING_LISThttps://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E