Description
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read from or write to any location the solr OS user can access.
A flaw was found in Solr. The Replication handler allows the commands backup, restore, and deleteBackup, which take a non-validated location parameter; this may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
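The following is an added example, not code from the Solr project or from this advisory. It models the pre-8.6 behaviour (the client-supplied location is used as-is) beside a hardened form that canonicalises the path and requires it to stay under an operator-chosen backup root. The root directory, the command names being the only ones modelled, and the handler stand-in are assumptions of the example; Solr 8.6 itself gates such paths with its solr.allowPaths system property rather than with this code.

```python
import os
from urllib.parse import parse_qs

# Assumption for this example: the directory under which backups are allowed.
ALLOWED_BACKUP_ROOT = "/var/solr/backups"

# The three ReplicationHandler commands that take a 'location' parameter.
LOCATION_COMMANDS = {"backup", "restore", "deleteBackup"}


def unvalidated_location(location):
    """'Before' behaviour: the handler used the client-supplied path as-is,
    so anything the solr OS user could reach was readable (restore)
    or writable/deletable (backup, deleteBackup)."""
    return location


def validated_location(location, allowed_root=ALLOWED_BACKUP_ROOT):
    """Hardened form: canonicalise, then require the result to stay inside
    allowed_root. Returns the canonical path, or None if the request escapes."""
    root = os.path.realpath(allowed_root)
    # os.path.join drops 'root' when 'location' is absolute, so '/etc/passwd'
    # stays '/etc/passwd' and is rejected below instead of being silently rebased.
    candidate = os.path.realpath(os.path.join(root, location))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def handle_replication_request(query_string, validate=True):
    """Stand-in for the handler's dispatch (not Solr's real code): parse the
    query string and, for location-taking commands, decide whether the path
    is acceptable. Returns (http_status, resolved_path_or_None)."""
    params = parse_qs(query_string)
    command = params.get("command", [""])[0]
    if command not in LOCATION_COMMANDS:
        return 400, None  # other commands are not modelled here
    location = params.get("location", [None])[0]
    if location is None:
        return 400, None
    if not validate:
        return 200, unvalidated_location(location)
    resolved = validated_location(location)
    if resolved is None:
        return 403, None
    return 200, resolved


if __name__ == "__main__":
    # Constructed requests: the first two escape the root, the last stays inside.
    for q in ("command=backup&location=/etc",
              "command=restore&location=../../../etc/shadow",
              "command=backup&location=snapshot.20200701"):
        print(q, "->", handle_replication_request(q))
```

Because both sides of the comparison go through os.path.realpath, a symlink placed inside the backup root that points outside it is also rejected, which a plain string-prefix check on the raw parameter would miss. Checking startswith against root plus the path separator (rather than root alone) prevents "/var/solr/backups-evil" from passing as a child of "/var/solr/backups".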
Report
Red Hat JBoss Fuse 6, Red Hat Fuse 7, and Red Hat Integration Camel K using camel-solr are not directly affected by this vulnerability, as the camel-solr component uses the client library solr-j and the vulnerability lies in the Solr server itself. We advise customers running a Solr server to review how it is used and exposed and ensure it is secured.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Fuse 7 | camel-solr | Not affected | | |
Red Hat Integration Camel K 1 | camel-solr | Not affected | | |
Red Hat JBoss Data Virtualization 6 | solr-core | Out of support scope | | |
Red Hat JBoss Enterprise Application Platform 6 | solr-core | Out of support scope | | |
Red Hat JBoss Fuse 6 | solr-core | Not affected | | |
Red Hat JBoss Fuse Service Works 6 | solr-core | Out of support scope | | |
Additional information
CVSS3: 8.8 (High)