CVE-2017-9803
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using a SecurityAwareZkACLProvider type of ACL provider, e.g. SaslZkACLProvider...
CVE-2017-9803
CVE-2017-9803 affects Apache Solr’s Kerberos plugin, where delegation tokens can enable reuse of an end-user’s authentication. The documented issues include leakage of security configuration to non-super users and potential privilege escalation by malicious users when using a SecurityAwareZkACLPr...