CVE-2021-29943 - OpenCVE

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Solr

Configuration 1 [-]

cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-29943
https://security.netapp.com/advisory/ntap-20210604-0009/
https://www.cve.org/CVERecord?id=CVE-2021-29943

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-04-13T06:35:22

Updated: 2024-08-03T22:18:03.277Z

Reserved: 2021-04-01T00:00:00

Link: CVE-2021-29943

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-13T07:15:12.403

Modified: 2021-06-08T13:51:28.650

Link: CVE-2021-29943

Redhat

Severity : Important

Publid Date: 2021-04-12T00:00:00Z

Links: CVE-2021-29943 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Apache Solr", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "8.8.2", "status": "affected", "version": "Apache Solr", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Geza Nagy"}], "descriptions": [{"lang": "en", "value": "When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-04T09:06:14", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210604-0009/"}], "source": {"defect": ["SOLR-15233"], "discovery": "UNKNOWN"}, "title": "Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-29943", "STATE": "PUBLIC", "TITLE": "Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Solr", "version": {"version_data": [{"version_affected": "<", "version_name": "Apache Solr", "version_value": "8.8.2"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Geza Nagy"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E"}, {"name": "https://security.netapp.com/advisory/ntap-20210604-0009/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210604-0009/"}]}, "source": {"defect": ["SOLR-15233"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:18:03.277Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210604-0009/"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-29943", "datePublished": "2021-04-13T06:35:22", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2024-08-03T22:18:03.277Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8DCA294-D45F-4B22-8183-301F60BC4393", "versionEndExcluding": "8.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts."}, {"lang": "es", "value": "Cuando se usa la funci\u00f3n ConfigurableInternodeAuthHadoopPlugin para la autenticaci\u00f3n, Apache Solr versiones anteriores a versi\u00f3n 8.8.2 reenviar\u00eda y realizar\u00eda proxy de unas peticiones distribuidas usando unas credenciales del servidor en lugar de las credenciales originales del cliente. Esto podr\u00eda resultar en una resoluci\u00f3n de autorizaci\u00f3n incorrecta en los hosts receptores"}], "id": "CVE-2021-29943", "lastModified": "2021-06-08T13:51:28.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-13T07:15:12.403", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210604-0009/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "solr: unprivileged users may be able to perform unauthorized read/write to collections", "id": "1949521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949521"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-863", "details": ["When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.", "A flaw was found in solr. Server credentials, instead of client credentials, are used for authenticating forward/proxy distributed requests using the ConfigurableInternodeAuthHadoopPlugin resulting in incorrect authorization resolution on the receiving hosts. The highest threat from this vulnerability is to data confidentiality and integrity."], "name": "CVE-2021-29943", "package_state": [{"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "impact": "moderate", "package_name": "camel-solr", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "solr", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "solr", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "solr", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "impact": "moderate", "package_name": "solr", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "solr", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "solr", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2021-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-29943\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29943"], "threat_severity": "Important", "upstream_fix": "Solr 8.8.2"}