Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-5076

YARN web interfaces lack XFS protection

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Hadoop Flags:
      Reviewed

      Description

      There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet). HADOOP-13008 provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.

        Attachments

        1. YARN-5076.002.patch
          21 kB
          Jonathan Maron
        2. YARN-5076.003.patch
          20 kB
          Jonathan Maron
        3. YARN-5076.004.patch
          20 kB
          Jonathan Maron

          Activity

            People

            • Assignee:
              jmaron Jonathan Maron
              Reporter:
              jmaron Jonathan Maron

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 48h
                48h
                Remaining:
                Remaining Estimate - 48h
                48h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Issue deployment