Critical severityNVD Advisory· Published Apr 13, 2021· Updated Aug 3, 2024
Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
CVE-2021-29943
Description
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.solr:solr-parentMaven | < 8.8.2 | 8.8.2 |
Affected products
3- osv-coords2 versions
< 8.8.2+ 1 more
- (no CPE)range: < 8.8.2
- (no CPE)range: < 8.8.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-vf7p-j8x6-xvwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29943ghsaADVISORY
- lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3Eghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20210604-0009ghsaWEB
- security.netapp.com/advisory/ntap-20210604-0009/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.