You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Naganarasimha G R (JIRA)" <ji...@apache.org> on 2017/06/22 09:59:00 UTC
[jira] [Updated] (YARN-5076) YARN web interfaces lack XFS
protection
[ https://issues.apache.org/jira/browse/YARN-5076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Naganarasimha G R updated YARN-5076:
------------------------------------
Labels: security (was: )
> YARN web interfaces lack XFS protection
> ---------------------------------------
>
> Key: YARN-5076
> URL: https://issues.apache.org/jira/browse/YARN-5076
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager, timelineserver
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
> Labels: security
> Fix For: 2.9.0, 3.0.0-alpha1
>
> Attachments: YARN-5076.002.patch, YARN-5076.003.patch, YARN-5076.004.patch
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> There are web interfaces in YARN that do not provide protection against cross frame scripting (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet). HADOOP-13008 provides a common filter for addressing this vulnerability, so this filter should be integrated into the YARN web interfaces.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org