CVE-2021-29943 - log

CVE-2021-29943 edited at 13 Apr 2021 08:35:58
References
- https://www.openwall.com/lists/oss-security/2021/04/12/2
+ https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
https://issues.apache.org/jira/browse/SOLR-15233
https://github.com/apache/lucene-solr/commit/c836d8b276d26bf2efdc9e34934996cc46fd4029
CVE-2021-29943 edited at 12 Apr 2021 22:07:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
References
+ https://www.openwall.com/lists/oss-security/2021/04/12/2
+ https://issues.apache.org/jira/browse/SOLR-15233
+ https://github.com/apache/lucene-solr/commit/c836d8b276d26bf2efdc9e34934996cc46fd4029
Notes
CVE-2021-29943 created at 12 Apr 2021 21:57:41