Known Issues in Apache Knox
Learn about the known issues in Knox, the impact or changes to the functionality, and the workaround.
- CDPD-28431: Intermittent errors could be potentially encountered when Impala UI is accessed from multiple Knox nodes.
- You must use a single Knox node to access Impala UI.
- CDPD-3125: Logging out of Atlas does not manage the external authentication
- At this time, Atlas does not communicate a log-out event with the external authentication management, Apache Knox. When you log out of Atlas, you can still open the instance of Atlas from the same web browser without re-authentication.
- OPSAPS-58179: HIVE endpoint url is updated on only one knox host topolgies. While on other knox host, the Cloudera Manager configuraiton monitoring change is not identified and topologies are not updated with the Hive URL.
- None
- CDPD-22785: Improvements and issues needs to be addressed in convert-topology knox cli command
- None
Technical Service Bulletins
- TSB 2022-553: DOM based XSS Vulnerability in Apache Knox
- When using Knox Single Sign On (SSO) in the affected releases, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. The request includes a specially crafted request parameter that could be used to redirect the user to a page controlled by an attacker. This request URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2022-553: DOM based XSS Vulnerability in Apache Knox (“Knox”)
- TSB 2023-630: Apache Knox - Server-side Request Forgery in host parameter
- When authenticated to an Apache Knox (Knox) protected endpoint, such as Apache HBase (HBase), modifying the host parameter by adding an external host causes Knox to unexpectedly send a request to the external host which includes the user's cookies. A malicious actor may present this request URL to the user through an XSS attack or phishing campaign.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2023-630: Apache Knox - Server-side Request Forgery in host parameter