Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-13941

Опубликовано: 17 авг. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.5
CVSS3: 8.8

Описание

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needs-triage
groovy

ignored

end of life

Показывать по

EPSS

Процентиль: 84%
0.02295
Низкий

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVSS3: 8.8
redhat
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

CVSS3: 8.8
nvd
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

CVSS3: 8.8
debian
почти 5 лет назад

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...

CVSS3: 8.8
github
больше 3 лет назад

Improper Input Validation in Apache Solr

EPSS

Процентиль: 84%
0.02295
Низкий

6.5 Medium

CVSS2

8.8 High

CVSS3