Commit 2fbc0dfc authored by Isaac Dawson's avatar Isaac Dawson
Browse files

Merge branch 'adbcurate/maven_org_apache_solr_solr_core_CVE_2020_9492_yml' into 'master'

Add CVE-2020-9492 to solr-core

See merge request !11162
parents 62323d6d 2ed77645
Pipeline #421570468 passed with stage
in 2 minutes and 17 seconds
---
identifier: "CVE-2020-9492"
identifiers:
- "CVE-2020-9492"
package_slug: "maven/org.apache.solr/solr-core"
title: "Incorrect Authorization"
description: "In Apache Hadoop, WebHDFS client might send `SPNEGO` authorization
header to remote URL without proper verification."
date: "2021-11-30"
pubdate: "2021-01-26"
affected_range: "[8.6.0],[8.6.2]"
fixed_versions:
- "8.6.1"
- "8.6.3"
affected_versions: "Version 8.6.0, version 8.6.2"
not_impacted: "All versions before 8.6.0, all versions after 8.6.0 before 8.6.2, all
versions after 8.6.2"
solution: "Upgrade to versions 8.6.1, 8.6.3 or above."
urls:
- "https://nvd.nist.gov/vuln/detail/CVE-2020-9492"
- "https://security.netapp.com/advisory/ntap-20210304-0001/"
cvss_v2: "AV:N/AC:L/Au:S/C:P/I:P/A:P"
cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
uuid: "611f7851-d205-46b5-861f-9078afa38c93"
cwe_ids:
- "CWE-1035"
- "CWE-863"
- "CWE-937"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment