CVE-2021-29943

CRITICAL9.1EPSS 5.8%

Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections

Published: 5/10/2021Modified: 5/20/2025

Description

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Affected packages (2)

Bitnami/solrfrom 0, < 8.8.2
Maven/org.apache.solr:solr-parentfrom 0, < 8.8.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-29943
WEBhttps://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
WEBhttps://security.netapp.com/advisory/ntap-20210604-0009
WEBhttps://security.netapp.com/advisory/ntap-20210604-0009/