Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: DC/OS 1.8.0
    • Fix Version/s: DC/OS 1.8.0
    • Component/s: dcos-ui
    • Labels:
      None

      Description

      We've just installed DCOS on AWS using the process described at: https://docs.mesosphere.com/1.8/administration/installing/cloud/aws/

      We've discovered that the Mesos UI is available from the DCOS UI at /mesos without any authentication.

      curl -v http://<docs-ui-host>/mesos returns content.

      In addition, requesting the URL in a different browser (or incognito window) also proceeds to render the content and allow anyone to dig into sandboxes, logs, etc.

        Attachments

          Activity

            People

            • Assignee:
              jeremy Jeremy Lingmann (Inactive)
              Reporter:
              spudly Damian Murphy (Inactive)
              Team:
              ( DO NOT USE ) Frontend (Mesosphere) Team
              Watchers:
              Albert Strasheim (Inactive), Cody Maloney (Inactive), Damian Murphy (Inactive), Jeremy Lingmann (Inactive), Joel Snook (Inactive)
            • Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: