CVE-2021-29943

Incorrect Authorization in maven/org.apache.solr/solr-core

Identifier

CVE-2021-29943

Package Slug

maven/org.apache.solr/solr-core

Vulnerability

Incorrect Authorization

Description

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Affected Versions

All versions before 8.8.2

Solution

Upgrade to version 8.8.2 or above.

Last Modified

2021-04-21

source