Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-13941

Опубликовано: 17 авг. 2020
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

A flaw was found in Solr. The Replication handler allows commands backup, restore, and delete backup that take non-validated allocation parameters which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LMhashes). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

Red Hat JBoss Fuse 6, Red Hat Fuse 7, and Red Hat Integration Camel K using camel-solr are not directly affected by this vulnerability as the camel-solr component uses the client library solr-j and the vulnerability lies in the solr server itself. We advise customers using solr to investigate the usage of the server and ensure it is safe.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Fuse 7camel-solrNot affected
Red Hat Integration Camel K 1camel-solrNot affected
Red Hat JBoss Data Virtualization 6solr-coreOut of support scope
Red Hat JBoss Enterprise Application Platform 6solr-coreOut of support scope
Red Hat JBoss Fuse 6solr-coreNot affected
Red Hat JBoss Fuse Service Works 6solr-coreOut of support scope

Показывать по

Дополнительная информация

Статус:

Important
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1869167solr: replication handler allows a read-write operations to any location the solr user can access

EPSS

Процентиль: 84%
0.02295
Низкий

8.8 High

CVSS3

Связанные уязвимости

CVSS3: 8.8
ubuntu
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

CVSS3: 8.8
nvd
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

CVSS3: 8.8
debian
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...

CVSS3: 8.8
github
больше 3 лет назад

Improper Input Validation in Apache Solr

EPSS

Процентиль: 84%
0.02295
Низкий

8.8 High

CVSS3