CVE-2021-29943

CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections

Vendor Apache Software Foundation

Product Apache Solr

Weakness CWE-863 · Incorrect authorization

Published April 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Key dates

02Disclosure timeline

April 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-29943

Related vulnerabilities

04Related CVE

CVE-2025-2515 Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php CVE-2024-2321 Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token CVE-2026-22784 Lychee cross-album password propagation on Album unlocking CVE-2026-30229 Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user