[jira] [Updated] (HBASE-25407) list_regions make potential sensitive information disclosure

Viraj Jasani (Jira) Tue, 22 Dec 2020 09:53:10 -0800


     [ 
https://issues.apache.org/jira/browse/HBASE-25407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Viraj Jasani updated HBASE-25407:
---------------------------------
    Fix Version/s:     (was: 2.4.1)
                       (was: 2.5.0)
                       (was: 2.3.4)
                       (was: 2.2.7)
                       (was: 1.7.0)
                       (was: 3.0.0-alpha-1)

> list_regions make potential sensitive information disclosure
> ------------------------------------------------------------
>
>                 Key: HBASE-25407
>                 URL: https://issues.apache.org/jira/browse/HBASE-25407
>             Project: HBase
>          Issue Type: Bug
>            Reporter: lujie
>            Priority: Critical
>         Attachments: image-2020-12-18-13-00-20-126.png, 
> image-2020-12-18-13-07-00-777.png
>
>
> I found that I can get other users' region information which is not expected.
>   
>  For example i create a table as sysadmin, then I can read the region 
> information as user1.
>  !image-2020-12-18-13-00-20-126.png!
>   
>  I have found that list_regions is introduced by 
> https://issues.apache.org/jira/browse/HBASE-14925
>  
> we can also get the region info by rest  
>  
> !image-2020-12-18-13-07-00-777.png!
>  
>  i think if we expose more informaiton, we will be in more danger case, and 
> even be attacked by others. 
>   



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (HBASE-25407) list_regions make potential sensitive information disclosure

Reply via email to