CVE-2018-11802
First published: Wed Apr 01 2020(Updated: )
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Solr | <7.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11802?
CVE-2018-11802 is a vulnerability in Apache Solr that allows unauthorized access to data on the cluster.
How does CVE-2018-11802 affect Apache Solr?
CVE-2018-11802 affects Apache Solr version up to and including 7.7.0.
What is the severity of CVE-2018-11802?
CVE-2018-11802 has a severity level of medium with a CVSS score of 4.3.
How can I fix CVE-2018-11802 in Apache Solr?
To fix CVE-2018-11802, you should upgrade your Apache Solr installation to version 7.7.1 or later.
Where can I find more information about CVE-2018-11802?
You can find more information about CVE-2018-11802 at the following link: [https://www.openwall.com/lists/oss-security/2019/04/24/1](https://www.openwall.com/lists/oss-security/2019/04/24/1)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/apache
- canonical/apache solr