CVE-2018-11802

NameCVE-2018-11802
DescriptionIn Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lucene-solr (PTS)jessie3.6.2+dfsg-5+deb8u2fixed
jessie (security)3.6.2+dfsg-5+deb8u3fixed
stretch (security), stretch3.6.2+dfsg-10+deb9u2fixed
buster3.6.2+dfsg-20+deb10u1fixed
bullseye, sid3.6.2+dfsg-22fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lucene-solrsource(unstable)(not affected)

Notes

- lucene-solr <not-affected> (Vulnerable code is not present)
https://issues.apache.org/jira/browse/SOLR-12514
Issue introduced around: https://github.com/apache/lucene-solr/commit/56e88400aefbeb7f1821cbd10a2997cde018df97 (4.2.0)
Fixed by: https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895 (releases/lucene-solr/6.6.6)

Search for package or bug name: Reporting problems