org.apache.solr:solr-core@8.11.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.solr:solr-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Exposure of Sensitive Information to an Unauthorized Actor

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a zkHost parameter that allows users to extract data from other Solr Clouds. When the original SolrCloud is configured to use ZooKeeper credentials and ACLs, these credentials are sent to any zkHost specified by the user. An attacker could exploit this by setting up a mock ZooKeeper server that accepts ZooKeeper requests with credentials and ACLs to extract sensitive information. Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.

How to fix Exposure of Sensitive Information to an Unauthorized Actor?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

[6.0.0,8.11.3) [9.0.0,9.4.1)
  • M
Incorrect Permission Assignment for Critical Resource

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the Schema Designer not properly authenticating configSets. An attacker can load external libraries without proper authentication by exploiting the trust assigned to configSets created by unauthenticated users.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.

[8.10.0,8.11.3) [9.0.0,9.3.0)
  • H
Unrestricted Upload of File with Dangerous Type

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the ConfigSets API accepting Java jar and class files. When backing up Solr Collections, these configSet files are saved to disk using the LocalFileSystemRepository, which is the default for backups. If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files become available for use with any ConfigSet, regardless of trust level.

Note: This vulnerability is most severe when Authorization is not enabled, which is strongly recommended against. With Authorization enabled it is limited to extending the Backup permissions with the ability to add libraries.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

[6.0.0,8.11.3) [9.0.0,9.4.1)
  • M
Insufficiently Protected Credentials

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to system property redaction logic inconsistencies. An attacker can access sensitive information, such as credentials for basic authentication or AWS secret keys, by exploiting the /admin/info/properties endpoint. This endpoint was intended to hide system properties containing "password" in their name, but failed to conceal other sensitive properties, including "basicauth" and "aws.secretKey", thus making them accessible via the Solr Admin UI. This is only exploitable if the Solr Cloud has Authorization enabled and the attacker has the "config-read" permission.

How to fix Insufficiently Protected Credentials?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.

[6.0.0,8.11.3) [9.0.0,9.3.0)
  • M
Improper Input Validation

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Improper Input Validation in DataImportHandler, which allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes). In case of misconfigured systems, SMB relay attacks can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.

How to fix Improper Input Validation?

Upgrade org.apache.solr:solr-core to version 8.11.1 or higher.

[0,8.11.1)