Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
databricks/api/2.0/clusters/list
Databricks Clusters API
What an attacker could do
A valid Databricks token reaching this endpoint enumerates every cluster in the workspace. With cluster attach or job permissions, an attacker can run notebooks or jobs on those clusters as arbitrary code that executes with the cluster's cloud identity (AWS instance profile, Azure managed identity, or GCP service account), pivoting from the workspace into the underlying cloud account and data lake.
How to defend it
Treat Databricks personal access tokens (PATs) as secrets with short TTLs and audit or revoke long-lived ones; enable IP access lists and SSO/SCIM so tokens alone are not enough from an arbitrary network; use cluster policies and Unity Catalog to enforce least privilege on what clusters and principals may do; and scope the instance profile/managed identity to the minimum the workloads need.
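Added example, not code from this page: an audit over a Databricks token-management listing that flags PATs with no expiry or a TTL above a policy threshold. The response shape (a `token_infos` list with `creation_time`/`expiry_time` in milliseconds, `-1` for no expiry) mirrors the Token Management API as understood here and is an assumption; the sample listing is constructed.

```python
"""Flag long-lived or non-expiring Databricks PATs from a token listing."""
import time

MAX_TTL_DAYS = 30          # policy: PATs should live at most this long
MS_PER_DAY = 86_400_000


def audit_tokens(token_infos, max_ttl_days=MAX_TTL_DAYS, now_ms=None):
    """Return (token_id, owner, reason) tuples for tokens violating the TTL policy.

    token_infos: list of dicts shaped like the assumed API response
    (token_id, created_by_username, creation_time, expiry_time in ms).
    """
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    findings = []
    for t in token_infos:
        tid = t.get("token_id", "?")
        owner = t.get("created_by_username", "?")
        created = t.get("creation_time")
        expiry = t.get("expiry_time", -1)
        if expiry is None or expiry < 0:
            # No expiry at all: the token is valid until someone revokes it.
            findings.append((tid, owner, "no expiry set"))
            continue
        if created is not None and (expiry - created) > max_ttl_days * MS_PER_DAY:
            days = (expiry - created) / MS_PER_DAY
            findings.append((tid, owner, f"ttl {days:.0f}d exceeds {max_ttl_days}d"))
        elif expiry <= now_ms:
            # Already expired but still present: clean it up.
            findings.append((tid, owner, "expired but still listed; revoke"))
    return findings


# Constructed sample listing (placeholder ids and users, not real data).
T0 = 1_700_000_000_000
SAMPLE = [
    {"token_id": "t-001", "created_by_username": "alice@example.com",
     "creation_time": T0, "expiry_time": T0 + 7 * MS_PER_DAY},
    {"token_id": "t-002", "created_by_username": "svc-etl@example.com",
     "creation_time": T0, "expiry_time": -1},
    {"token_id": "t-003", "created_by_username": "bob@example.com",
     "creation_time": T0, "expiry_time": T0 + 365 * MS_PER_DAY},
]

if __name__ == "__main__":
    for tid, owner, reason in audit_tokens(SAMPLE, now_ms=T0):
        print(f"{tid} ({owner}): {reason}")
```

In a real workspace the listing would come from an admin call to the token-management endpoint and the findings would feed a revocation or ticketing step.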
Learn More
Want to dive deeper into this topic? Check out the official documentation.