← Back to CVEs
CVE-2018-11802
MEDIUM4.3
Description
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published4/1/2020
Last Modified4/15/2026
Sourcenvd
Honeypot Sightings0
Affected Products
apache:solr
Weaknesses (CWE)
CWE-863
References
https://www.openwall.com/lists/oss-security/2019/04/24/1(security@apache.org)
https://www.openwall.com/lists/oss-security/2019/04/24/1(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.