[YARN-5076] YARN web interfaces lack XFS protection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-alpha1
Component/s: nodemanager, resourcemanager, timelineserver
Labels:
- security

Hadoop Flags:

Reviewed

Description

There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet). ~~HADOOP-13008~~ provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-5076.004.patch
19/May/16 12:41
20 kB
Jonathan Maron
YARN-5076.003.patch
18/May/16 20:02
20 kB
Jonathan Maron
YARN-5076.002.patch
13/May/16 00:43
21 kB
Jonathan Maron

Activity

People

Assignee:: Jonathan Maron

Reporter:: Jonathan Maron

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/May/16 14:01

Updated:: 25/Oct/19 20:26

Resolved:: 19/May/16 21:16

Time Tracking

Estimated:

48h

Remaining:

48h

Logged:

Not Specified