CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24814 – Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
https://notcve.org/view.php?id=CVE-2025-24814
27 Jan 2025 — Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are tre... • https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52012 – Apache Solr: Configset upload on Windows allows arbitrary path write-access
https://notcve.org/view.php?id=CVE-2024-52012
27 Jan 2025 — Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. • https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd • CWE-23: Relative Path Traversal •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45217 – Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
https://notcve.org/view.php?id=CVE-2024-45217
16 Oct 2024 — Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request. "trusted" ConfigSets are able to load custom code into classloaders, t... • https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2024-45216 – Apache Solr: Authentication bypass possible using a fake URL Path ending
https://notcve.org/view.php?id=CVE-2024-45216
16 Oct 2024 — Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue a... • https://github.com/congdong007/CVE-2024-45216-Poc • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-6289
https://notcve.org/view.php?id=CVE-2013-6289
28 Oct 2013 — Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la extensión Apache Soir para TYPO3 (soir) en versiones anteriores a la 2.8.3 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/54978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-6288
https://notcve.org/view.php?id=CVE-2013-6288
28 Oct 2013 — Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." Vunerabilidad sin especificar en Apache Solr para la extensión TYPO3 anterior a 2.8.3 con impacto y vectores de ataque desconocidos relacionados con "Deserializacióin Insegura" • http://secunia.com/advisories/54978 •