Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Hadoop YARN ResourceManager publicly accessible - Vulnerability Database

Hadoop YARN ResourceManager publicly accessible

Description

Apache Hadoop is a collection of open-source software utilities that facilitate using a network of many computers to solve problems involving massive amounts of data and computation.

Yarn ResourceManager (RM) is the master that arbitrates all the available cluster resources and thus helps manage the distributed applications running on the YARN system. By default, the Hadoop YARN ResourceManager allows any request to be made by anyone. This service should not be accessible on a production website without authentication.

Remediation

Disable external access to the Hadoop YARN ResourceManager.

References

Hadoop safari : Hunting for vulnerabilities

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Unrestricted access to Caddy API interface High
Common tags: Configuration
Unrestricted access to Kong Gateway API High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration

Severity

High

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration