Description
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
A flaw was found in Solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests when using the ConfigurableInternodeAuthHadoopPlugin, resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | solr | Not affected | | |
| Red Hat Integration Camel K 1 | camel-solr | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | solr | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 6 | solr | Out of support scope | | |
| Red Hat JBoss Fuse 6 | solr | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | solr | Out of support scope | | |
| Red Hat JBoss Web Server 3 | solr | Not affected | | |
Additional information
Status:
CVSS3: 9.1 Critical