AVG-1808 log
| Package | solr |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 8.8.1-1 |
| Fixed | 8.8.2-1 |
| Current | 9.5.0-3 [extra] |
| Ticket | None |
| Created | Mon Apr 12 21:57:41 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-29943 | Medium | Yes | Authentication bypass | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using... |
| CVE-2021-29262 | Medium | Yes | Information disclosure | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing... |
| CVE-2021-27905 | Medium | Yes | Cross-site request forgery | The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to... |