CVE-2018-11760

unknown

Published 2019-02-07 · Modified 2023-11-08

CVSS v3

—

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2

—

VIR risk

—

Description

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2018-11760.html

OS impact

OS	Version	Status	Fixed in
sles		affected

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	pyspark	`>=2.3.0,<2.3.2`	`2.3.2`
PyPI	pyspark	`>=1.0.2,<2.2.3`	`2.2.3`

References

https://nvd.nist.gov/vuln/detail/CVE-2018-11760
https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
https://github.com/apache/spark
https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802
https://www.suse.com/security/cve/CVE-2018-11760.html
http://www.securityfocus.com/bid/106786

Verify integrity in audit chain (admin only). AS-IS.