[jira] [Commented] (HDFS-10774) Reflective XSS and HTML injection vulnerability

2016-08-18 Thread Will Harmon (JIRA)

[ https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15426608#comment-15426608 ]

Will Harmon commented on HDFS-10774:


Jason,

Thanks very much for your reply. I emailed them on August 8th and they haven't 
replied. Since you confirmed they are the group to contact, I'll keep bugging 
them.

Take care,

Will



On Thu, Aug 18, 2016 at 10:00 AM -0400, "Jason Lowe (JIRA)" wrote:


[ https://issues.apache.org/jira/browse/HDFS-10774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15426512#comment-15426512 ]

Jason Lowe commented on HDFS-10774:
---

Security issues can be mailed to secur...@hadoop.apache.org.  See 
http://hadoop.apache.org/mailing_lists.html#Security for details and pointers 
to other mailing lists.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


> Reflective XSS and HTML injection vulnerability
> ---
>
>              Key: HDFS-10774
>              URL: https://issues.apache.org/jira/browse/HDFS-10774
>          Project: Hadoop HDFS
>       Issue Type: Bug
>       Components: security
> Affects Versions: 2.0.0-alpha
>         Reporter: Will Harmon
>           Labels: security
>
> I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I 
> came across an XSS and HTML injection vulnerability. Although my customer 
> instance is 2.0.0, newer versions are also likely vulnerable. I’d like to 
> provide more details about my finding but first want to ensure I’m 
> communicating with the correct group. Please let me know if you would like to 
> know more and how I can securely share my findings.




-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org



[jira] [Created] (HDFS-10774) Reflective XSS and HTML injection vulnerability

2016-08-17 Thread Will Harmon (JIRA)
Will Harmon created HDFS-10774:
--

         Summary: Reflective XSS and HTML injection vulnerability
             Key: HDFS-10774
             URL: https://issues.apache.org/jira/browse/HDFS-10774
         Project: Hadoop HDFS
      Issue Type: Bug
      Components: security
Affects Versions: 2.0.0-alpha
        Reporter: Will Harmon


I’m assessing my customer's Apache Hadoop 2.0.0-CDH4.7.0 installation, and I 
came across an XSS and HTML injection vulnerability. Although my customer 
instance is 2.0.0, newer versions are also likely vulnerable. I’d like to 
provide more details about my finding but first want to ensure I’m 
communicating with the correct group. Please let me know if you would like to 
know more and how I can securely share my findings.


