CVE-2021-29262 is a vulnerability in Apache Solr
Published on April 13, 2021
Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2021-29262
Want to know whenever a new CVE is published for Apache Solr? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Solr:- Version Apache Solr and below 8.8.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.