Vulnerability Details CVE-2021-29943
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.0%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210604-0009/
- https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210604-0009/
Products affected by CVE-2021-29943
-
cpe:2.3:a:apache:solr:-
-
cpe:2.3:a:apache:solr:1.1.0
-
cpe:2.3:a:apache:solr:1.2
-
cpe:2.3:a:apache:solr:1.2.0
-
cpe:2.3:a:apache:solr:1.3.0
-
cpe:2.3:a:apache:solr:1.4.0
-
cpe:2.3:a:apache:solr:1.4.1
-
cpe:2.3:a:apache:solr:3.1
-
cpe:2.3:a:apache:solr:3.1.0
-
cpe:2.3:a:apache:solr:3.2
-
cpe:2.3:a:apache:solr:3.2.0
-
cpe:2.3:a:apache:solr:3.3
-
cpe:2.3:a:apache:solr:3.3.0
-
cpe:2.3:a:apache:solr:3.4.0
-
cpe:2.3:a:apache:solr:3.5.0
-
cpe:2.3:a:apache:solr:3.6.0
-
cpe:2.3:a:apache:solr:3.6.1
-
cpe:2.3:a:apache:solr:3.6.2
-
cpe:2.3:a:apache:solr:4.0.0
-
cpe:2.3:a:apache:solr:4.1.0
-
cpe:2.3:a:apache:solr:4.10.0
-
cpe:2.3:a:apache:solr:4.10.1
-
cpe:2.3:a:apache:solr:4.10.2
-
cpe:2.3:a:apache:solr:4.10.3
-
cpe:2.3:a:apache:solr:4.10.4
-
cpe:2.3:a:apache:solr:4.2.0
-
cpe:2.3:a:apache:solr:4.2.1
-
cpe:2.3:a:apache:solr:4.3.0
-
cpe:2.3:a:apache:solr:4.3.1
-
cpe:2.3:a:apache:solr:4.4.0
-
cpe:2.3:a:apache:solr:4.5.0
-
cpe:2.3:a:apache:solr:4.5.1
-
cpe:2.3:a:apache:solr:4.6.0
-
cpe:2.3:a:apache:solr:4.6.1
-
cpe:2.3:a:apache:solr:4.7.0
-
cpe:2.3:a:apache:solr:4.7.1
-
cpe:2.3:a:apache:solr:4.7.2
-
cpe:2.3:a:apache:solr:4.8.0
-
cpe:2.3:a:apache:solr:4.8.1
-
cpe:2.3:a:apache:solr:4.9.0
-
cpe:2.3:a:apache:solr:4.9.1
-
cpe:2.3:a:apache:solr:5.0
-
cpe:2.3:a:apache:solr:5.0.0
-
cpe:2.3:a:apache:solr:5.1
-
cpe:2.3:a:apache:solr:5.1.0
-
cpe:2.3:a:apache:solr:5.2.0
-
cpe:2.3:a:apache:solr:5.2.1
-
cpe:2.3:a:apache:solr:5.3
-
cpe:2.3:a:apache:solr:5.3.0
-
cpe:2.3:a:apache:solr:5.3.1
-
cpe:2.3:a:apache:solr:5.3.2
-
cpe:2.3:a:apache:solr:5.4.0
-
cpe:2.3:a:apache:solr:5.4.1
-
cpe:2.3:a:apache:solr:5.5.0
-
cpe:2.3:a:apache:solr:5.5.1
-
cpe:2.3:a:apache:solr:5.5.2
-
cpe:2.3:a:apache:solr:5.5.3
-
cpe:2.3:a:apache:solr:5.5.4
-
cpe:2.3:a:apache:solr:5.5.5
-
cpe:2.3:a:apache:solr:6.0.0
-
cpe:2.3:a:apache:solr:6.0.1
-
cpe:2.3:a:apache:solr:6.1.0
-
cpe:2.3:a:apache:solr:6.2.0
-
cpe:2.3:a:apache:solr:6.2.1
-
cpe:2.3:a:apache:solr:6.3.0
-
cpe:2.3:a:apache:solr:6.4.0
-
cpe:2.3:a:apache:solr:6.4.1
-
cpe:2.3:a:apache:solr:6.4.2
-
cpe:2.3:a:apache:solr:6.5.0
-
cpe:2.3:a:apache:solr:6.5.1
-
cpe:2.3:a:apache:solr:6.6.0
-
cpe:2.3:a:apache:solr:6.6.1
-
cpe:2.3:a:apache:solr:6.6.2
-
cpe:2.3:a:apache:solr:6.6.3
-
cpe:2.3:a:apache:solr:6.6.4
-
cpe:2.3:a:apache:solr:6.6.5
-
cpe:2.3:a:apache:solr:6.6.6
-
cpe:2.3:a:apache:solr:7.0.0
-
cpe:2.3:a:apache:solr:7.0.1
-
cpe:2.3:a:apache:solr:7.1.0
-
cpe:2.3:a:apache:solr:7.2.0
-
cpe:2.3:a:apache:solr:7.2.1
-
cpe:2.3:a:apache:solr:7.3.0
-
cpe:2.3:a:apache:solr:7.3.1
-
cpe:2.3:a:apache:solr:7.4.0
-
cpe:2.3:a:apache:solr:7.5.0
-
cpe:2.3:a:apache:solr:7.6.0
-
cpe:2.3:a:apache:solr:7.7.0
-
cpe:2.3:a:apache:solr:7.7.1
-
cpe:2.3:a:apache:solr:7.7.2
-
cpe:2.3:a:apache:solr:7.7.3
-
cpe:2.3:a:apache:solr:8.0.0
-
cpe:2.3:a:apache:solr:8.1.0
-
cpe:2.3:a:apache:solr:8.1.1
-
cpe:2.3:a:apache:solr:8.1.2
-
cpe:2.3:a:apache:solr:8.2.0
-
cpe:2.3:a:apache:solr:8.3.0
-
cpe:2.3:a:apache:solr:8.3.1
-
cpe:2.3:a:apache:solr:8.4.0
-
cpe:2.3:a:apache:solr:8.4.1
-
cpe:2.3:a:apache:solr:8.5.0
-
cpe:2.3:a:apache:solr:8.5.1
-
cpe:2.3:a:apache:solr:8.5.2
-
cpe:2.3:a:apache:solr:8.6.0
-
cpe:2.3:a:apache:solr:8.6.1
-
cpe:2.3:a:apache:solr:8.6.2
-
cpe:2.3:a:apache:solr:8.6.3
-
cpe:2.3:a:apache:solr:8.8.1