Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-9803

Опубликовано: 18 сент. 2017
Источник: redhat
CVSS3: 8.1

Описание

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

Отчет

This issue did not affect the versions of Apache Solr as shipped with in Red Hat products.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Data Grid 6solr-coreNot affected
Red Hat JBoss Data Virtualization 6solr-coreNot affected
Red Hat JBoss Enterprise Application Platform 6solr-coreNot affected
Red Hat JBoss Fuse 6camelNot affected
Red Hat JBoss Fuse Service Works 6solr-coreNot affected
Red Hat JBoss Portal 6solr-coreNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1493507solr: Kerberos delegation token functionality allows to re-use authentication

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-9803

CVSS3: 7.5
ubuntu
больше 8 лет назад

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

nvd логотип

CVE-2017-9803

CVSS3: 7.5
nvd
больше 8 лет назад

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

debian логотип

CVE-2017-9803

CVSS3: 7.5
debian
больше 8 лет назад

Apache Solr's Kerberos plugin can be configured to use delegation toke ...

github логотип

GHSA-f553-j2gv-g5r9

CVSS3: 7.5
github
больше 3 лет назад

Apache Solr Kerberos delegation token functionality flaws

8.1 High

CVSS3