Apache Solr up to 7.6 Node Request authorization


A vulnerability classified as critical has been found in Apache Solr up to 7.6. This affects an unknown part of the component Node Handler. Upgrading to version 7.7 eliminates this vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 9942251 | 04/02/2020 | VulD... | cve_nvd_summary | In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). | mitre.org | 04/02/2020 | accepted | 100 |
| 9942250 | 04/02/2020 | VulD... | cve_assigned | 1528156800 | mitre.org | 04/02/2020 | accepted | 100 |
| 9942244 | 04/02/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942243 | 04/02/2020 | VulD... | cvss3_nvd_i | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942242 | 04/02/2020 | VulD... | cvss3_nvd_c | L | nist.gov | 04/02/2020 | accepted | 100 |
| 9942241 | 04/02/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 04/02/2020 | accepted | 100 |
| 9942240 | 04/02/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942239 | 04/02/2020 | VulD... | cvss3_nvd_pr | L | nist.gov | 04/02/2020 | accepted | 100 |
| 9942238 | 04/02/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 04/02/2020 | accepted | 100 |
| 9942237 | 04/02/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942224 | 04/02/2020 | VulD... | cvss2_nvd_ai | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942223 | 04/02/2020 | VulD... | cvss2_nvd_ii | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942222 | 04/02/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 04/02/2020 | accepted | 100 |
| 9942221 | 04/02/2020 | VulD... | cvss2_nvd_au | S | nist.gov | 04/02/2020 | accepted | 100 |
| 9942220 | 04/02/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 04/02/2020 | accepted | 100 |
| 9942219 | 04/02/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 04/02/2020 | accepted | 100 |
| 9942209 | 04/02/2020 | VulD... | cwe | 863 (privilege escalation) | | 04/02/2020 | accepted | 100 |
| 9942259 | 04/02/2020 | VulD... | cvss3_nvd_basescore | 4.3 | nist.gov | 04/02/2020 | accepted | 90 |
| 9942258 | 04/02/2020 | VulD... | 0day_days | 343 | | 04/02/2020 | accepted | 90 |
| 9942257 | 04/02/2020 | VulD... | cvss3_vuldb_rc | X | | 04/02/2020 | accepted | 90 |
