Description
The Hadoop cluster web interface is publicly accessible. This is not recommended on production systems.
Remediation
It's recommended to restrict access to this web interface.
References
Raining Shells - Ambari "0-day"
Hadoop MapReduce Next Generation - Setting up a Single Node Cluster.
Related Vulnerabilities
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.12)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5288)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3731)