CVE-2021-29943
published 2021-04-13


Priority: P260 critical
CVSS 3.1: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS: 5.26% (91.5th percentile)
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Affected (3 ranges)

Vendor                      Product        Version range              Fixed in
apache                      solr           < 8.8.2                    8.8.2
apache_software_foundation  apache_solr    >= Apache Solr < 8.8.2     8.8.2
debian                      lucene-solr

Detection & IOCs

  • Detect use of ConfigurableInternodeAuthHadoopPlugin in Apache Solr configurations, which is the specific authentication plugin affected by this credential forwarding vulnerability
  • Monitor Apache Solr distributed/proxy requests for authorization anomalies where server credentials are used in place of original client credentials, potentially allowing unprivileged users to perform unauthorized read/write to collections
  • Vulnerability is only exploitable when ConfigurableInternodeAuthHadoopPlugin is configured as the authentication plugin; deployments not using this plugin are not affected
  • Apache Solr versions prior to 8.8.2 are affected; upgrade to 8.8.2 or later to remediate

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.1    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd            v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:P/I:P/A:N
osv                     9.1    CRITICAL
vendor_debian           9.1    LOW
vendor_redhat           9.1    CRITICAL