When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
References
Configurations
History
01 Apr 2022, 15:30
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory |
06 Oct 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E - Mailing List, Vendor Advisory |
30 Aug 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2021, 13:53
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210604-0009/ - Third Party Advisory |
04 Jun 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-04-13 07:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-29262
Mitre link : CVE-2021-29262
CVE.ORG link : CVE-2021-29262
JSON object : View
Products Affected
apache
- solr
CWE
CWE-522
Insufficiently Protected Credentials