CVE-2021-29262 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1808	solr	8.8.1-1	8.8.2-1	Medium	Fixed

References
https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E https://issues.apache.org/jira/browse/SOLR-15249 https://github.com/apache/lucene-solr/commit/90671d8072bd09d4acaee0c390a53984b7474ebe https://github.com/apache/lucene-solr/commit/d97d1a07024edabb8dcd9ccf40f9ba31209c36ab

References

https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
https://issues.apache.org/jira/browse/SOLR-15249
https://github.com/apache/lucene-solr/commit/90671d8072bd09d4acaee0c390a53984b7474ebe
https://github.com/apache/lucene-solr/commit/d97d1a07024edabb8dcd9ccf40f9ba31209c36ab