Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9006

The agent's GET_AGENT leaks resource information when using authorization

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Story Points:
      3

      Description

      While the master's GET_AGENTS call e.g., filters resources (by using an approver with VIEW_ROLE) so that it does not leak resources the querying principal should not be able to see, no such filtering is done in the corresponding agent's GET_AGENT call.

      This call should be authorized as well to not expose information we expect to be not visible.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                bbannier Benjamin Bannier
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated: