Apache · Apache Solr · CVE-2018-11802
Name of the Vulnerable Software and Affected Versions:
Apache Solr versions prior to 7.7
Description:
The issue affects Apache Solr clusters where a node can proxy requests to other nodes for collections it does not host, bypassing authorization settings. This occurs in versions prior to 7.7 that use the default RuleBasedAuthorizationPlugin.
Recommendations:
For versions prior to 7.7, consider updating to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the proxy functionality or implementing additional authorization mechanisms to minimize the risk of exploitation.