← Retour aux CVEs
CVE-2018-11802
MEDIUM4.3
Description
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
Details CVE
Score CVSS v3.14.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/1/2020
Derniere modification4/15/2026
Sourcenvd
Observations honeypot0
Produits affectes
apache:solr
Faiblesses (CWE)
CWE-863
References
https://www.openwall.com/lists/oss-security/2019/04/24/1(security@apache.org)
https://www.openwall.com/lists/oss-security/2019/04/24/1(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.