CVE-2018-11804 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-11804 Interim 1 12 2025-02-17T02:46:44Z current 2021-05-30T14:13:52Z 2025-02-17T02:46:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-11804 Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Manager Server 3.0 SUSE Manager Server 3.1 SUSE Manager Server 3.2 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 spark spark-core spark as a component of HPE Helion OpenStack 8 spark as a component of SUSE Manager Server 3.0 spark as a component of SUSE Manager Server 3.1 spark-core as a component of SUSE Manager Server 3.2 spark as a component of SUSE OpenStack Cloud 8 spark as a component of SUSE OpenStack Cloud Crowbar 8 Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code. CVE-2018-11804 HPE Helion OpenStack 8:spark SUSE Manager Server 3.0:spark SUSE Manager Server 3.1:spark SUSE Manager Server 3.2:spark-core SUSE OpenStack Cloud 8:spark SUSE OpenStack Cloud Crowbar 8:spark moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N