Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.14.0
-
None
-
None
Description
Through restapi, non-admin users can access drill threads data:
curl -b ~/.drill_cookies -k -H "Content-Type: application/json" -X GET https://10.10.10.000:8047/status/threads "Reference Handler" id=2 state=WAITING - waiting on <0x15c20b08> (a java.lang.ref.Reference$Lock) - locked <0x15c20b08> (a java.lang.ref.Reference$Lock) at java.lang.Object.wait(Native Method) at java.lang.Object.wait(Object.java:502) at java.lang.ref.Reference.tryHandlePending(Reference.java:191) at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:153)