CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13941
https://notcve.org/view.php?id=CVE-2020-13941
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. Reportado en SOLR-14515 (privado) y corregido en SOLR-14561 (público), publicado en Solr versión 8.6.0. El manejador de Replicación (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) permite una copia de seguridad, restauración y eliminación de copias de seguridad de los comandos. • https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be%40%3Ccommits.lucene.apache.org%3E https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11802
https://notcve.org/view.php?id=CVE-2018-11802
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). En Apache Solr, el clúster puede ser particionado en varias colecciones y solo un subconjunto de nodos realmente aloja una colección determinada. • https://www.openwall.com/lists/oss-security/2019/04/24/1 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 93%CPEs: 4EXPL: 3CVE-2019-0193 – Apache Solr DataImportHandler Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. En Solr de Apache, el DataImportHandler, un módulo opcional pero popular para extraer datos de bases de datos y otras fuentes, presenta una funcionalidad en la que toda la configuración de DIH puede provenir del parámetro "dataConfig" de una petición. • https://github.com/jas502n/CVE-2019-0193 https://github.com/xConsoIe/CVE-2019-0193 https://github.com/jaychouzzk/CVE-2019-0193-exp https://issues.apache.org/jira/browse/SOLR-13669 https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apac • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-3163 – solr: Directory traversal via Index Replication HTTP API
https://notcve.org/view.php?id=CVE-2017-3163
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. Cuando se usa la característica Index Replication, los nodos Apache Solr pueden tomar archivos index de un nodo master/leader usando una API HTTP que acepta un nombre de archivo. Sin embargo, Solr en versiones anteriores a la 5.5.4 y en versiones 6.x anteriores a la 6.4.1 no valida el nombre de archivo, por lo que fue posible manipular una petición especial que involucre un salto de ruta, dejando expuestos todos los archivos legibles en el proceso de servidor Solr. • https://access.redhat.com/errata/RHSA-2018:1447 https://access.redhat.com/errata/RHSA-2018:1448 https://access.redhat.com/errata/RHSA-2018:1449 https://access.redhat.com/errata/RHSA-2018:1450 https://access.redhat.com/errata/RHSA-2018:1451 https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488%40%3Csolr-user.lucene.apache.org%3E https://www.debian.org/security/2018/dsa-4124 https://access.redhat.com/security/cve/CVE-2017-3163 https://bugzilla.redhat.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2015-8796
https://notcve.org/view.php?id=CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. Vulnerabilidad de XSS en webapp/web/js/scripts/schema-browser.js en la Admin UI en Apache Solr en versiones anteriores a 5.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL de navegación del esquema manipulada. • http://www.securityfocus.com/bid/85205 https://issues.apache.org/jira/browse/SOLR-7920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •