Posted to announce@apache.org by Mike Drob <md...@apache.org> on 2021/04/12 21:14:36 UTC
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform
unauthorized read/write to collections
Description:
When using ConfigurableInternodeAuthHadoopPlugin for authentication,
Apache Solr versions prior to 8.8.2 would forward/proxy distributed
requests using server credentials instead of original client
credentials. This would result in incorrect authorization resolution
on the receiving hosts.
This issue is being tracked as SOLR-15233.
Credit:
Geza Nagy
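
An added example, not part of the original announcement and not code from the Solr project: a check of the two conditions the advisory names (ConfigurableInternodeAuthHadoopPlugin used for authentication, and a version prior to 8.8.2) against a node's security.json. The sample security.json, the function names and the result labels are constructed for illustration, and the check assumes the plugin is configured as the authentication class in security.json.

```python
import json
import re

PLUGIN = "ConfigurableInternodeAuthHadoopPlugin"  # class named in the advisory
FIXED = (8, 8, 2)                                  # "versions prior to 8.8.2" are affected

# Constructed sample, not taken from a real deployment.
SAMPLE_SECURITY_JSON = """
{
  "authentication": {
    "class": "solr.ConfigurableInternodeAuthHadoopPlugin"
  }
}
"""


def parse_version(text):
    """Turn '8.8.1' or '8.11' into (8, 8, 1) / (8, 11, 0).

    Suffixes such as '-SNAPSHOT' are ignored, so review pre-release
    builds of 8.8.2 by hand.
    """
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def uses_plugin(security_json):
    """True if the authentication class is the plugin from the advisory,
    given either as 'solr.<Name>' or as a fully qualified class name."""
    auth = json.loads(security_json).get("authentication") or {}
    return str(auth.get("class", "")).split(".")[-1] == PLUGIN


def assess(version, security_json):
    """Combine both conditions from the advisory into one verdict."""
    plugin = uses_plugin(security_json)
    if plugin and parse_version(version) < FIXED:
        return "AFFECTED"
    if plugin:
        return "PLUGIN_IN_USE_FIXED_VERSION"
    return "PLUGIN_NOT_IN_USE"


if __name__ == "__main__":
    for v in ("8.8.1", "8.8.2"):
        print(v, assess(v, SAMPLE_SECURITY_JSON))
```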