CVE-2018-11802: Authorization Bug Disclosure

April 1, 2020 (updated April 3, 2020)

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. If a node receives a request for a collection it does not host, it forwards the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests.

References

issues.apache.org/jira/browse/SOLR-12514
nvd.nist.gov/vuln/detail/CVE-2018-11802
www.openwall.com/lists/oss-security/2019/04/24/1

Detect and mitigate CVE-2018-11802 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →