CVSS: 9.8EPSS: 71%CPEs: 3EXPL: 1CVE-2020-13957
https://notcve.org/view.php?id=CVE-2020-13957
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. Apache Solr versiones 6.6.0 hasta 6.6.6, 7.0.0 hasta 7.7.3 y 8.0.0 hasta 8.6.2, impiden que algunas funcionalidades consideradas peligrosas (que podrían ser usadas para una ejecución de código remota) sean configuradas en un ConfigSet que es cargado por medio de la API sin autenticación y autorización. Las comprobaciones implementadas impiden que tales funcionalidades puedan ser omitidas al usar una combinación de acciones UPLOAD/CREATE • https://github.com/s-index/CVE-2020-13957 https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573%40%3Cissues.lucene.apache.org%3E https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075%40%3Ccommits.lucene.apache.org%3E https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34%40%3Cdev.bigtop.apache.org%3E https://lists.apache.org&# • CWE-863: Incorrect Authorization •