CVE-2017-9803
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9803
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9803.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-9803
- Aliases
- Published
- 2017-09-18T21:29:00Z
- Modified
- 2024-10-12T03:00:35.215854Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.
- References
Affected packages
Git / github.com/apache/lucene-solr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/lucene-solr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
Other
grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
grafts/solr-incubator-latest
grafts/solr-incubator-oldest
grafts/solr-latest
grafts/solr-oldest
history/branches/lucene-solr/LUCENE-5622
history/branches/lucene-solr/LUCENE2793
history/branches/lucene-solr/cleanup2878
history/branches/lucene-solr/docvalues
history/branches/lucene-solr/jira/lucene-5438-nrt-replication
history/branches/lucene-solr/lucene-6835
history/branches/lucene-solr/lucene-6997
history/branches/lucene-solr/lucene2510
history/branches/lucene-solr/lucene2858
history/branches/lucene-solr/lucene3069
history/branches/lucene-solr/lucene3312
history/branches/lucene-solr/lucene3606
history/branches/lucene-solr/lucene3661
history/branches/lucene-solr/lucene3795_lsp_spatial_module
history/branches/lucene-solr/lucene3846
history/branches/lucene-solr/lucene3969
history/branches/lucene-solr/lucene4055
history/branches/lucene-solr/lucene4199
history/branches/lucene-solr/lucene4236
history/branches/lucene-solr/lucene4335
history/branches/lucene-solr/lucene4446
history/branches/lucene-solr/lucene4547
history/branches/lucene-solr/lucene4765
history/branches/lucene-solr/lucene5178
history/branches/lucene-solr/lucene5207
history/branches/lucene-solr/lucene5339
history/branches/lucene-solr/lucene539399
history/branches/lucene-solr/lucene5468
history/branches/lucene-solr/lucene5487
history/branches/lucene-solr/lucene5493
history/branches/lucene-solr/lucene5611
history/branches/lucene-solr/lucene5666
history/branches/lucene-solr/lucene5675
history/branches/lucene-solr/lucene5752
history/branches/lucene-solr/lucene5858
history/branches/lucene-solr/lucene5969
history/branches/lucene-solr/lucene5995
history/branches/lucene-solr/lucene6196
history/branches/lucene-solr/lucene6238
history/branches/lucene-solr/lucene6271
history/branches/lucene-solr/lucene6299
history/branches/lucene-solr/lucene6487
history/branches/lucene-solr/pforcodec_3892
history/branches/lucene-solr/preflexfixes
history/branches/lucene-solr/realtime_search
history/branches/lucene-solr/slowclosing
history/branches/lucene-solr/solr2452
history/branches/lucene-solr/solr3733
history/branches/lucene-solr/solr5914
history/branches/lucene-solr/solr7787
releases/lucene-solr/6.*
releases/lucene-solr/6.2.0
releases/lucene-solr/6.2.1
releases/lucene-solr/6.3.0
releases/lucene-solr/6.4.0
releases/lucene-solr/6.4.1
releases/lucene-solr/6.4.2
releases/lucene-solr/6.5.0
releases/lucene-solr/6.6.0