Closed pshiu closed 1 year ago
Hadoop YARN Resource Managers are exposed by default on a standard Hadoop installation. This could allow third parties to run undesired Hadoop jobs.
We received notice that an operator of Open edX has been affected by this issue after following the setup instructions in the README.md.
For more information on securing YARN Web UIs and REST APIs, see: https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Securing_YARN_Application_Web_UIs_and_REST_APIs.
Description
Hadoop YARN Resource Managers are exposed by default on a standard Hadoop installation. This could allow third parties to run undesired Hadoop jobs.
We received notice that an operator of Open edX has been affected by this issue after following the setup instructions in the README.md.
For more information on securing YARN Web UIs and REST APIs, see: https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Securing_YARN_Application_Web_UIs_and_REST_APIs.
Additional Information