[ https://issues.apache.org/jira/browse/HBASE-25407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Viraj Jasani updated HBASE-25407: --------------------------------- Fix Version/s: (was: 2.4.1) (was: 2.5.0) (was: 2.3.4) (was: 2.2.7) (was: 1.7.0) (was: 3.0.0-alpha-1) > list_regions make potential sensitive information disclosure > ------------------------------------------------------------ > > Key: HBASE-25407 > URL: https://issues.apache.org/jira/browse/HBASE-25407 > Project: HBase > Issue Type: Bug > Reporter: lujie > Priority: Critical > Attachments: image-2020-12-18-13-00-20-126.png, > image-2020-12-18-13-07-00-777.png > > > I found that I can get other users' region information which is not expected. > > For example i create a table as sysadmin, then I can read the region > information as user1. > !image-2020-12-18-13-00-20-126.png! > > I have found that list_regions is introduced by > https://issues.apache.org/jira/browse/HBASE-14925 > > we can also get the region info by rest > > !image-2020-12-18-13-07-00-777.png! > > i think if we expose more informaiton, we will be in more danger case, and > even be attacked by others. > -- This message was sent by Atlassian Jira (v8.3.4#803005)