Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9006

The agent's GET_AGENT leaks resource information when using authorization

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Accepted
    • Critical
    • Resolution: Unresolved
    • None
    • None
    • None
    • 3

    Description

      While the master's GET_AGENTS call e.g., filters resources (by using an approver with VIEW_ROLE) so that it does not leak resources the querying principal should not be able to see, no such filtering is done in the corresponding agent's GET_AGENT call.

      This call should be authorized as well to not expose information we expect to be not visible.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-7887 `GET_EXECUTORS` and `/state` is not consistent between master and agent

          • Major - Major loss of function.
          • Accepted

          Activity

            People

              Unassigned Unassigned
              bbannier Benjamin Bannier
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: