[jira] [Updated] (YARN-5076) YARN web interfaces lack XFS protection

Naganarasimha G R (JIRA) Thu, 22 Jun 2017 02:59:15 -0700

     [ 
https://issues.apache.org/jira/browse/YARN-5076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Naganarasimha G R updated YARN-5076:
------------------------------------
    Labels: security  (was: )

> YARN web interfaces lack XFS protection
> ---------------------------------------
>
>                 Key: YARN-5076
>                 URL: https://issues.apache.org/jira/browse/YARN-5076
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager, resourcemanager, timelineserver
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>              Labels: security
>             Fix For: 2.9.0, 3.0.0-alpha1
>
>         Attachments: YARN-5076.002.patch, YARN-5076.003.patch, 
> YARN-5076.004.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> There are web interfaces in YARN that do not provide protection against cross 
> frame scripting 
> (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet).  
> HADOOP-13008 provides a common filter for addressing this vulnerability, so 
> this filter should be integrated into the YARN web interfaces.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

[jira] [Updated] (YARN-5076) YARN web interfaces lack XFS protection

Reply via email to