CVE-2021-29943

CVSS v3.1 9.1 (Critical)

CVSS v2.0 6.4 (Medium)

EPSS 0.15 % (51^th)

Affected Products 1

Advisories 1

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Weaknesses

CWE-863: Incorrect Authorization

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-04-13 07:15:12
(3 years ago)
Updated Date: 2021-06-08 13:51:28
(3 years ago)

Affected Products

Apache

Solr

Configuration #1

		CPE23	From	Up To
	Apache Solr prior 8.8.2 version	cpe:2.3:a:apache:solr		< 8.8.2