
exploitDog


CVE-2020-13941

Published: 17 Aug 2020
Source: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS: Low

Description

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e., you could read/write to any location the solr user can access.

Vulnerable configurations

Configuration 1
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
Versions before 8.6.0 (excluding)

EPSS

Percentile: 84%
0.02295
Low

8.8 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 5 years ago

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e., you could read/write to any location the solr user can access.

CVSS3: 8.8
redhat
almost 5 years ago

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e., you could read/write to any location the solr user can access.

CVSS3: 8.8
debian
almost 5 years ago

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...

CVSS3: 8.8
github
more than 3 years ago

Improper Input Validation in Apache Solr
