oss-sec mailing list archives
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
From: Mike Drob <mdrob () apache org>
Date: Mon, 12 Apr 2021 16:09:56 -0500
Description: When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

This issue is being tracked as SOLR-15233.

Credit: Geza Nagy
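A quick exposure check for the two conditions the advisory names (the authentication plugin and the version), as an added example that is not part of the advisory or of Solr itself. It assumes the node's security.json declares the plugin under "authentication" -> "class"; the function names and the sample file are constructed for illustration.

```python
import json
import re

# Values taken from the advisory: the plugin name and the first fixed release.
PLUGIN = "ConfigurableInternodeAuthHadoopPlugin"
FIXED = (8, 8, 2)


def parse_version(text):
    """Turn '8.8.1' or '8.8.1-SNAPSHOT' into a comparable tuple (8, 8, 1)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def auth_class(security_json):
    """Return the short class name of the authentication plugin, or None."""
    cfg = json.loads(security_json)
    cls = (cfg.get("authentication") or {}).get("class")
    if not isinstance(cls, str):
        return None
    # 'solr.Foo' and 'org.apache.solr.security.Foo' both reduce to 'Foo'.
    return cls.rsplit(".", 1)[-1]


def is_affected(security_json, solr_version):
    """True when both conditions from the advisory hold for this node."""
    return (auth_class(security_json) == PLUGIN
            and parse_version(solr_version) < FIXED)


# Constructed sample input (assumed layout), not taken from a real deployment.
SAMPLE = """
{
  "authentication": {
    "class": "solr.ConfigurableInternodeAuthHadoopPlugin",
    "type": "kerberos"
  },
  "authorization": {"class": "solr.RuleBasedAuthorizationPlugin"}
}
"""

if __name__ == "__main__":
    for version in ("8.8.1", "8.8.2"):
        state = "affected" if is_affected(SAMPLE, version) else "not affected"
        print(version, state)
```

Nodes that report as affected should be upgraded to 8.8.2 or later, the release in which the advisory says the forwarding behaviour is fixed.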