CVE-2021-29943 is a vulnerability in Apache Solr
Published on April 13, 2021
Apache Solr: Unprivileged users may be able to perform unauthorized read/write to collections
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2021-29943 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2021-29943
Affected Versions
Apache Software Foundation Apache Solr: versions below 8.8.2 are affected.
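An exposure check combining the two conditions stated above (a version prior to 8.8.2 and ConfigurableInternodeAuthHadoopPlugin as the authentication plugin), added here as an example and not taken from the advisory or from Solr. It assumes the plugin is declared under `authentication.class` in `security.json`; the function names and both sample configurations are constructed for illustration.

```python
import json
import re

FIXED = (8, 8, 2)  # first release that is not affected, per the advisory text
PLUGIN = "ConfigurableInternodeAuthHadoopPlugin"

def parse_version(text):
    """Return (major, minor, patch) from a string such as '8.8.1' or '8.6.0-SNAPSHOT'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def uses_plugin(security_json):
    """True if the authentication class in security.json is the affected plugin."""
    try:
        cfg = json.loads(security_json)
    except json.JSONDecodeError as exc:
        raise ValueError("security.json is not valid JSON") from exc
    auth = cfg.get("authentication") or {}
    cls = str(auth.get("class", ""))
    # Compare on the simple class name so both the short 'solr.' form
    # and a fully qualified class name match.
    return cls.rsplit(".", 1)[-1] == PLUGIN

def assess(version, security_json):
    """Classify one node as 'affected', 'patched' or 'not-applicable'."""
    if not uses_plugin(security_json):
        return "not-applicable"
    # Tuple comparison is numeric, so 8.10.0 sorts after 8.8.2.
    return "affected" if parse_version(version) < FIXED else "patched"

# Constructed sample configurations (not from a real deployment)
SAMPLE_HADOOP = json.dumps({
    "authentication": {"class": "solr.ConfigurableInternodeAuthHadoopPlugin",
                       "type": "kerberos"},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin"},
})
SAMPLE_BASIC = json.dumps({"authentication": {"class": "solr.BasicAuthPlugin"}})

if __name__ == "__main__":
    for ver, cfg in [("8.8.1", SAMPLE_HADOOP), ("8.8.2", SAMPLE_HADOOP),
                     ("7.7.3", SAMPLE_BASIC)]:
        print(ver, assess(ver, cfg))
```

Run it against each node's reported version and the cluster's `security.json`; a node reported as `affected` should be upgraded to 8.8.2 or later.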
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.