Apache Solr CVE-2017-9803: a vulnerability in Apache Solr
Published on September 18, 2017

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allow an application to reuse the authentication of an end user or of another application. There are two issues with this functionality when a SecurityAwareZkACLProvider-type ACL provider (e.g. SaslZkACLProvider) is in use. Firstly, access to the security configuration can be leaked to users other than the Solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation, to further expose or modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

Source: NVD


Products Associated with CVE-2017-9803


Affected Versions

Apache Software Foundation Apache Solr versions 6.2.0 through 6.6.0 are affected by CVE-2017-9803.

Exploit Probability

EPSS score: 0.34%
Percentile: 56.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.