  1. DC/OS
  2. DCOS-321

Resources under /mesos available without authentication

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: DC/OS 1.8
    • Fix Version/s: DC/OS 1.8
    • Component/s: dcos-ui
    • Labels:
      None

      Description

      We've just installed DCOS on AWS using the process described at: https://docs.mesosphere.com/1.8/administration/installing/cloud/aws/

      We've discovered that the Mesos UI is available from the DCOS UI at /mesos without any authentication.

      curl -v http://<docs-ui-host>/mesos returns content.

      In addition, requesting the URL in a different browser (or incognito window) also proceeds to render the content and allow anyone to dig into sandboxes, logs, etc.

            People

            • Assignee:
              jeremy Jeremy Lingmann
              Reporter:
              spudly Damian Murphy
            • Votes:
              0
              Watchers:
              5