suse · CVE-2018-1334

Quick triage

Priority: high Published: 2021-05-30 14:07:06 UTC Updated: 2024-07-29 10:00:23 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-1334 severity important: SUSE including 1 source package names (spark), 5 product×package rows across 5 product lines (HPE Helion OpenStack 8, SUSE Manager Server 3.0, … (5 product lines)): Will Not Fix 3, Known Not Affected 2.

Description:

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

cvelogic Threat Intelligence