
CVE-2025-24814

Published: 27 Jan 2025
Source: redhat
CVSS3: 4.6

Description

Core creation allows users to replace "trusted" configset files with arbitrary configuration.

Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

A flaw was found in Apache Solr. Solr instances that use the "FileSystemConfigSetService" component, the default in "standalone" or "user-managed" mode, and are running without authentication and authorization are vulnerable to a privilege escalation wherein individual "trusted" config set files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath. This flaw allows an attacker to load malicious code as a searchComponent or other plugin.

Mitigation

Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").
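
An added audit sketch for the mitigation above (not code from Red Hat or the Solr project): it walks a Solr home, lists every solrconfig.xml that still carries "<lib>" directives, and reports whether security.json defines both authentication and authorization. The directory layout, the function names and the sample core are assumptions constructed for the example.

```python
import json
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def find_lib_directives(solr_home):
    """Return {solrconfig.xml path: [attributes of each <lib> element]}."""
    findings = {}
    for cfg in sorted(Path(solr_home).rglob("solrconfig.xml")):
        try:
            root = ET.parse(cfg).getroot()
        except ET.ParseError:
            # A config that does not parse still needs a manual look.
            findings[str(cfg)] = [{"error": "unparseable, review by hand"}]
            continue
        libs = [dict(el.attrib) for el in root.iter("lib")]
        if libs:
            findings[str(cfg)] = libs
    return findings


def auth_enabled(solr_home):
    """True only if security.json defines authentication AND authorization."""
    sec = Path(solr_home) / "security.json"
    if not sec.is_file():
        return False
    try:
        data = json.loads(sec.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return False
    return (isinstance(data, dict)
            and bool(data.get("authentication"))
            and bool(data.get("authorization")))


def make_sample_home():
    """Constructed Solr home: one core whose config uses a <lib> tag."""
    home = Path(tempfile.mkdtemp(prefix="solr_home_"))
    conf = home / "core1" / "conf"
    conf.mkdir(parents=True)
    (conf / "solrconfig.xml").write_text(
        '<config><lib dir="/opt/extra" regex=".*\\.jar"/>'
        '<luceneMatchVersion>9.7</luceneMatchVersion></config>',
        encoding="utf-8")
    return home


if __name__ == "__main__":
    home = make_sample_home()
    print("auth and authz configured:", auth_enabled(home))
    for path, libs in find_lib_directives(home).items():
        print(path, libs)
```

Point the two functions at the real Solr home instead of the constructed sample; any "<lib>" entry found on an instance where `auth_enabled` returns False is the combination this CVE describes.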

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Fuse 7 | org.apache.solr/solr-core | Out of support scope | | |
| Red Hat Integration Camel K 1 | org.apache.solr/solr-core | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform 8 | org.apache.solr/solr-core | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.apache.solr/solr-core | Fix deferred | | |


Additional information

Status: Low
Defect: CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=2342221 solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
11 months ago

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates t...

CVSS3: 5.5
nvd
11 months ago

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates th

CVSS3: 5.5
debian
11 months ago

Core creation allows users to replace "trusted" configset files with a ...

github
11 months ago

Apache Solr vulnerable to Execution with Unnecessary Privileges

CVSS3: 4.6
fstec
11 months ago

Vulnerability in the "FileSystemConfigSetService" component of the Apache Solr search server that allows an attacker to load malicious code
