CVE-2021-29943
Published 2021-04-13
Priority: P2 · 60 · critical · 9.1 · CVSS 3.1
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 5.26% (91.5th percentile)
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | solr | < 8.8.2 | 8.8.2 |
| apache_software_foundation | apache_solr | < 8.8.2 | 8.8.2 |
| debian | lucene-solr | — | — |
Detection & IOCs (extracted from sources)
- Detect use of ConfigurableInternodeAuthHadoopPlugin in Apache Solr configurations; it is the specific authentication plugin affected by this credential-forwarding vulnerability.
- Monitor Apache Solr distributed/proxy requests for authorization anomalies where server credentials are used in place of the original client credentials, which can allow unprivileged users to perform unauthorized reads or writes on collections.
- The vulnerability is only exploitable when ConfigurableInternodeAuthHadoopPlugin is configured as the authentication plugin; deployments not using this plugin are not affected.
- Apache Solr versions prior to 8.8.2 are affected; upgrade to 8.8.2 or later to remediate.
CVSS provenance
| Source | Schema | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | | 9.1 | CRITICAL | |
| vendor_debian | | 9.1 | LOW | |
| vendor_redhat | | 9.1 | CRITICAL | |
Red Hat
solr: unprivileged users may be able to perform unauthorized read/write to collections
vendor_redhat · 2021-04-12 · CVSS 9.1 · CRITICAL · CWE-863
A flaw was found in solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests using the ConfigurableInternodeAuthHadoopPlugin, resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this vulnerability is to data confidentiality and integrity.
Package: solr (Red Hat Fuse 7) - Not affected
Package: camel-solr (Red Ha
Debian
CVE-2021-29943: lucene-solr
vendor_debian · 2021 · CVSS 9.1 · CRITICAL
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
Incorrect Authorization in Apache Solr
osv · 2021-05-10 · CRITICAL
GHSA
Incorrect Authorization in Apache Solr
ghsa · 2021-05-10 · CRITICAL · CWE-863
OSV
CVE-2021-29943
osv · 2021-04-13 · CVSS 9.1 · CRITICAL
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210604-0009/