Description

Apache Hadoop is a collection of open-source software utilities that facilitate using a network of many computers to solve problems involving massive amounts of data and computation.

Yarn ResourceManager (RM) is the master that arbitrates all the available cluster resources and thus helps manage the distributed applications running on the YARN system. By default, the Hadoop YARN ResourceManager allows any request to be made by anyone. This service should not be accessible on a production website without authentication.

Remediation

Disable external access to the Hadoop YARN ResourceManager.

References

Hadoop safari : Hunting for vulnerabilities

Related Vulnerabilities

Symfony ESI (Edge-Side Includes) enabled

Django weak secret key

Node.js Web Application does not handle uncaughtException

Misconfigured Access-Control-Allow-Origin Header

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7848)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration