Lucene search
Redhat.comRH:CVE-2018-11802HistoryMay 07, 2019 - 7:03 p.m.
CVE-2018-11802
2019-05-0719:03:51
redhat.com
access.redhat.com
13
EPSS
0.001
Percentile
29.0%
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
Related
github
github
Incorrect Authorization in Apache Solr
2022-02-09 23:19:26
osv
osv
Incorrect Authorization in Apache Solr
2022-02-09 23:19:26
CVE-2018-11802
2020-04-01 22:15:15
ibm
ibm
prion
prion
Authorization
2020-04-01 22:15:00
cvelist
cvelist
CVE-2018-11802
2020-04-01 21:11:38
debiancve
debiancve
CVE-2018-11802
2020-04-01 22:15:15
veracode
veracode
Authorization Bypass
2019-04-25 07:09:40
ubuntucve
ubuntucve
CVE-2018-11802
2020-04-01 00:00:00
cve
cve
CVE-2018-11802
2020-04-01 22:15:15
nvd
nvd
CVE-2018-11802
2020-04-01 22:15:15