Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

BIT-SOLR-2021-29262 Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings

🗓️ 06 Mar 2024 11:06:30Reported by GoogleType 
osv
 osv🔗 osv.dev👁 13 Views

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, Solr would not treat the optional read-only user as a sensitive path and would allow it to be readable. Also, Solr will not automatically update the ACLs if security.json is already present

Related
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Solr
9 Nov 202120:21
ibm
CNNVD		Apache Solr 安全漏洞
13 Apr 202100:00
cnnvd
CNVD		Apache Solr Information Disclosure Vulnerability
13 Apr 202100:00
cnvd
CVE		CVE-2021-29262
13 Apr 202106:35
cve
Cvelist		CVE-2021-29262 Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
13 Apr 202106:35
cvelist
Debian CVE		CVE-2021-29262
13 Apr 202106:35
debiancve
Github Security Blog		Improper permission handling in Apache Solr
10 May 202115:18
github
NVD		CVE-2021-29262
13 Apr 202107:15
nvd
OSV		GHSA-JGCR-FG3G-QVW8 Improper permission handling in Apache Solr
10 May 202115:18
osv
OSV		UBUNTU-CVE-2021-29262
13 Apr 202107:15
osv
Rows per page
SourceLink
listswww.lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
listswww.lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f%40%3Cdev.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc%40%3Coak-issues.jackrabbit.apache.org%3E
listswww.lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72%40%3Coak-commits.jackrabbit.apache.org%3E
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 May 2025 10:02Current
7.4High risk
Vulners AI Score7.4
CVSS 24.3
CVSS 3.17.5
EPSS0.26231
apache solrsecurity vulnerabilityacl providers
13