CVE-2018-11802

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11802
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11802.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11802
Published
2020-04-01T22:15:15Z
Modified
2025-01-14T07:23:27.048206Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
grafts/solr-incubator-latest
grafts/solr-incubator-oldest
grafts/solr-latest
grafts/solr-oldest
history/branches/lucene-solr/LUCENE-5622
history/branches/lucene-solr/LUCENE2793
history/branches/lucene-solr/cleanup2878
history/branches/lucene-solr/docvalues
history/branches/lucene-solr/jira/lucene-5438-nrt-replication
history/branches/lucene-solr/lucene-6835
history/branches/lucene-solr/lucene-6997
history/branches/lucene-solr/lucene2510
history/branches/lucene-solr/lucene2858
history/branches/lucene-solr/lucene3069
history/branches/lucene-solr/lucene3312
history/branches/lucene-solr/lucene3606
history/branches/lucene-solr/lucene3661
history/branches/lucene-solr/lucene3795_lsp_spatial_module
history/branches/lucene-solr/lucene3846
history/branches/lucene-solr/lucene3969
history/branches/lucene-solr/lucene4055
history/branches/lucene-solr/lucene4199
history/branches/lucene-solr/lucene4236
history/branches/lucene-solr/lucene4335
history/branches/lucene-solr/lucene4446
history/branches/lucene-solr/lucene4547
history/branches/lucene-solr/lucene4765
history/branches/lucene-solr/lucene5178
history/branches/lucene-solr/lucene5207
history/branches/lucene-solr/lucene5339
history/branches/lucene-solr/lucene539399
history/branches/lucene-solr/lucene5468
history/branches/lucene-solr/lucene5487
history/branches/lucene-solr/lucene5493
history/branches/lucene-solr/lucene5611
history/branches/lucene-solr/lucene5666
history/branches/lucene-solr/lucene5675
history/branches/lucene-solr/lucene5752
history/branches/lucene-solr/lucene5858
history/branches/lucene-solr/lucene5969
history/branches/lucene-solr/lucene5995
history/branches/lucene-solr/lucene6196
history/branches/lucene-solr/lucene6238
history/branches/lucene-solr/lucene6271
history/branches/lucene-solr/lucene6299
history/branches/lucene-solr/lucene6487
history/branches/lucene-solr/pforcodec_3892
history/branches/lucene-solr/preflexfixes
history/branches/lucene-solr/realtime_search
history/branches/lucene-solr/slowclosing
history/branches/lucene-solr/solr2452
history/branches/lucene-solr/solr3733
history/branches/lucene-solr/solr5914
history/branches/lucene-solr/solr7787