CVE-2017-9803

EUVD-2022-3690

18.09.2017, 21:29

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Affected Products (NVD)

Vendor	Product	Version
apache	solr	6.2.0
apache	solr	6.2.1
apache	solr	6.3.0
apache	solr	6.4.0
apache	solr	6.4.1
apache	solr	6.4.2
apache	solr	6.5.0
apache	solr	6.5.1
apache	solr	6.6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

lucene-solr

bookworm	3.6.2+dfsg-26 fixed
bullseye	3.6.2+dfsg-24 fixed
sid	3.6.2+dfsg-26 fixed
trixie	3.6.2+dfsg-26 fixed

Ubuntu Releases

Ubuntu Product

Codename

lucene-solr

trusty	not-affected
xenial	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw%40mail.gmail.com%3E

http://www.securityfocus.com/bid/100870

http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw%40mail.gmail.com%3E

http://www.securityfocus.com/bid/100870