Description
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
Statement
Red Hat Fuse 7 includes camel-solr to allow interfacing with Apache Lucene Solr clusters. This is only a client interface and is not affected by this vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| JBoss Developer Studio 11 | solr | Out of support scope | | |
| Red Hat Fuse 7 | camel-solr | Not affected | | |
| Red Hat JBoss Data Grid 6 | solr-core | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | solr-core | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 6 | solr-core | Out of support scope | | |
| Red Hat JBoss Fuse 6 | solr-core | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | solr-core | Out of support scope | | |
| Red Hat Virtualization 4 | rhvm-appliance | Not affected | | |
Additional information
Status:
4.3 Medium
CVSS3