In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2020-04-01T21:11:38
Updated: 2024-08-05T08:17:09.126Z
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11802
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-04-01T22:15:15.147
Modified: 2024-11-21T03:44:03.833
Link: CVE-2018-11802
Redhat