Posted to oak-issues@jackrabbit.apache.org by "Nitin Gupta (Jira)" <ji...@apache.org> on 2021/07/30 06:37:00 UTC
[jira] [Assigned] (OAK-9520) CVE-2021-29262 in oak-solr-osgi
[ https://issues.apache.org/jira/browse/OAK-9520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nitin Gupta reassigned OAK-9520:
--------------------------------
Assignee: Nitin Gupta
> CVE-2021-29262 in oak-solr-osgi
> --------------------------------
>
> Key: OAK-9520
> URL: https://issues.apache.org/jira/browse/OAK-9520
> Project: Jackrabbit Oak
> Issue Type: Bug
> Reporter: Nitin Gupta
> Assignee: Nitin Gupta
> Priority: Major
>
> Vulnerability in: org.apache.solr : solr-solrj : 8.6.3
> CVE-2021-29262
>
> {code:java}
> When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)