Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Duplicate
-
2.4.0, 2.4.1
-
None
-
None
-
None
Description
During a penetration test, by manually entering the URL for the dfshealth.jsp, its possible to circumvent security on the cluster.
The issue was found in Hortonworks 2.1 but it is believed to exist in all of the Apache based distributions.
Attachments
Issue Links
- duplicates
-
HDFS-6252 Phase out the old web UI in HDFS
- Closed