PT-2017-19196 · Apache · Apache Solr

Published: 2017-09-18 · Updated: 2022-05-14 · CVE-2017-9803

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apache Solr versions prior to 6.6.1

Description

The issue affects Apache Solr's Kerberos plugin when it is used together with a SecurityAwareZkACLProvider ACL provider. In this configuration, access to the security configuration can leak to users other than the Solr super user. A malicious user can then use the leaked configuration for privilege escalation, which can lead to the exposure or modification of private data and disruption of operations in the Solr cluster.

Recommendations

For versions prior to 6.6.1, update to Apache Solr 6.6.1 or later to resolve the issue. As a temporary workaround, restrict access to the security configuration to minimize the risk of exploitation, and restrict access to the Kerberos plugin's delegation token functionality until the update is applied.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2017-9803
GHSA-F553-J2GV-G5R9

Affected Products

Apache Solr