Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-5076

YARN web interfaces lack XFS protection

    Details

    • Hadoop Flags:
      Reviewed

      Description

      There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet). HADOOP-13008 provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.

        Attachments

        1. YARN-5076.002.patch
          21 kB
          Jonathan Maron
        2. YARN-5076.003.patch
          20 kB
          Jonathan Maron
        3. YARN-5076.004.patch
          20 kB
          Jonathan Maron

          Activity

            People

            • Assignee:
              jmaron Jonathan Maron
              Reporter:
              jmaron Jonathan Maron
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 48h
                48h
                Remaining:
                Remaining Estimate - 48h
                48h
                Logged:
                Time Spent - Not Specified
                Not Specified