Ubuntu.comUB:CVE-2018-11802CVE-2018-11802
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
29.0%
In Apache Solr, the cluster can be partitioned into multiple collections
and only a subset of nodes actually host any given collection. However, if
a node receives a request for a collection it does not host, it proxies the
request to a relevant node and serves the request. Solr bypasses all
authorization settings for such requests. This affects all Solr versions
prior to 7.7 that use the default authorization mechanism of Solr
(RuleBasedAuthorizationPlugin).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | lucene-solr | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | lucene-solr | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | lucene-solr | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | lucene-solr | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | lucene-solr | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | lucene-solr | < any | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
29.0%