Description

The Hadoop cluster web interface is publicly accessible. This is not recommended on production systems.

Remediation

It's recommended to restrict access to this web interface.

References

Raining Shells - Ambari "0-day"

Hadoop MapReduce Next Generation - Setting up a Single Node Cluster.

Related Vulnerabilities

Spring Boot Misconfiguration: Actuator endpoint security disabled

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.1)

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

JavaMelody publicly accessible

WordPress Plugin Formidable Form Builder-Contact Form, Survey & Quiz Forms for WordPress Information Disclosure (2.0.07)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Configuration