CVE-2021-29943

CRITICAL9.1EPSS 5.8%

Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections

發布日:2021/5/10修改日:2025/5/20

描述

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

受影響套件(2)

Bitnami/solrfrom 0, < 8.8.2
Maven/org.apache.solr:solr-parentfrom 0, < 8.8.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-29943
WEBhttps://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
WEBhttps://security.netapp.com/advisory/ntap-20210604-0009
WEBhttps://security.netapp.com/advisory/ntap-20210604-0009/