Vulnerability Description
When Apache Solr versions prior to 8.8.2 start up configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no security.json znode yet exists, and the optional read-only user is configured, Solr does not treat the newly created security.json znode as a sensitive path, so the read-only user is granted read access to it. Additionally, with any ZkACLProvider, if security.json is already present Solr does not automatically update its ACLs, so a node created with an over-permissive ACL keeps it until the ACL is corrected manually.
CVSS Score
7.5 (HIGH)
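The practical check a Solr operator wants after reading the description is whether anyone other than the intended all-permissions Solr user can read the security.json znode. The following Python audit script is an added example (not code from the Solr project or the advisory): it parses the two-line-per-entry output of ZooKeeper's `zkCli.sh getAcl` and reports every identity other than the configured admin user that holds read permission, plus the case where the admin user is missing or lacks full `cdrwa` rights. The sample listings, user names and digest hashes below are constructed for the example; the `admin_user` value is an assumption you replace with your own deployment's user.

```python
"""Audit the ZooKeeper ACL on Solr's security.json znode.

Parses the output of `zkCli.sh getAcl /security.json` and reports every
identity other than the intended all-permissions Solr user that can read
the node, which is the exposure described for CVE-2021-29262.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# zkCli prints each ACL entry as two lines: "'scheme,'id" then ": perms".
ENTRY_RE = re.compile(r"^'(?P<scheme>[a-z]+),'(?P<id>.*)$")
PERMS_RE = re.compile(r"^:\s*(?P<perms>[cdrwa]+)$")


@dataclass(frozen=True)
class Acl:
    scheme: str    # world, digest, sasl, ip, ...
    identity: str  # "anyone", "user:base64hash" (digest), "principal" (sasl)
    perms: str     # subset of "cdrwa"


def parse_get_acl(output: str) -> List[Acl]:
    """Parse zkCli getAcl output into Acl entries, ignoring prompt and blank lines."""
    acls: List[Acl] = []
    pending: Optional[Tuple[str, str]] = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("[zk:"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = (m["scheme"], m["id"])
            continue
        p = PERMS_RE.match(line)
        if p and pending is not None:
            acls.append(Acl(pending[0], pending[1], p["perms"]))
            pending = None
    return acls


def principal_of(acl: Acl) -> str:
    """Digest ids are 'user:hash'; sasl/world/ip ids are used as-is."""
    if acl.scheme == "digest":
        return acl.identity.split(":", 1)[0]
    return acl.identity


def security_json_findings(acls: List[Acl], admin_user: str) -> List[str]:
    """One finding per non-admin identity with read access; one more if the
    admin user is absent or lacks full cdrwa permissions."""
    findings: List[str] = []
    admin_seen = False
    for acl in acls:
        who = principal_of(acl)
        if acl.scheme != "world" and who == admin_user:
            admin_seen = True
            missing = set("cdrwa") - set(acl.perms)
            if missing:
                findings.append(f"{acl.scheme}:{who} has only '{acl.perms}', expected 'cdrwa'")
        elif "r" in acl.perms:
            findings.append(f"{acl.scheme}:{who} can read security.json (perms '{acl.perms}')")
    if not admin_seen:
        findings.append(f"no ACL entry for admin user {admin_user}")
    return findings


# Constructed sample output (digests are placeholders) for a security.json
# created by a vulnerable Solr with the optional read-only user configured.
VULNERABLE_LISTING = """\
[zk: localhost:2181(CONNECTED) 0] getAcl /security.json
'digest,'solr-admin:dcAAAyuQYw7zQwb/3L4wIO6v2zE=
: cdrwa
'digest,'solr-readonly:6L5QYRsZ8MCPvgU+YE4IsmfFYlw=
: r
"""

# Constructed listing for the same node after the ACL has been corrected.
FIXED_LISTING = """\
'digest,'solr-admin:dcAAAyuQYw7zQwb/3L4wIO6v2zE=
: cdrwa
"""

if __name__ == "__main__":
    for name, listing in (("vulnerable", VULNERABLE_LISTING), ("fixed", FIXED_LISTING)):
        problems = security_json_findings(parse_get_acl(listing), "solr-admin")
        print(name, "->", problems or "OK")
```

Run it against the real listing by piping `getAcl /security.json` output into `parse_get_acl`. Because Solr does not rewrite ACLs on an existing node, a finding on an upgraded cluster has to be fixed by hand, for example with `setAcl` in zkCli or `bin/solr zk updateacls /security.json` with the intended ZkACLProvider configured, and then re-checked with the same script.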
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Solr | < 8.8.2 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b
- https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f80
- https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a
- https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa57 (Mailing List, Vendor Advisory)
- https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52
- https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca
- https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4
- https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d418
- https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde1
- https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328
- https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e20
- https://security.netapp.com/advisory/ntap-20210604-0009/ (Third Party Advisory)
FAQ
What is CVE-2021-29262?
CVE-2021-29262 is a vulnerability with a CVSS score of 7.5 (HIGH). When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable by that user. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
How severe is CVE-2021-29262?
CVE-2021-29262 has been rated HIGH with a CVSS base score of 7.5/10. This page lists only the base score and rating; consult the vendor advisory and third-party advisory in the references for the full CVSS vector.
Is there a patch for CVE-2021-29262?
Yes. The affected product is Apache Solr, and versions prior to 8.8.2 are affected, so upgrade to Solr 8.8.2 or later. Upgrading alone does not rewrite the ACLs on an existing security.json znode, so after upgrading verify the ACL on that node and correct it if the read-only user or any other identity can read it. See the vendor advisory in the references section above.