org.apache.solr:solr-core@8.11.1 vulnerabilities

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a zkHost parameter that allows users to extract data from other Solr Clouds. When the original SolrCloud is configured to use ZooKeeper credentials and ACLs, these credentials are sent to any zkHost specified by the user. An attacker could exploit this by setting up a mock ZooKeeper server that accepts ZooKeeper requests with credentials and ACLs to extract sensitive information. Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the Schema Designer not properly authenticating configSets. An attacker can load external libraries without proper authentication by exploiting the trust assigned to configSets created by unauthenticated users.

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the ConfigSets API accepting Java jar and class files. When backing up Solr Collections, these configSet files are saved to disk using the LocalFileSystemRepository, which is the default for backups. If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files become available for use with any ConfigSet, regardless of trust level.

Note: This vulnerability is most severe when Authorization is not enabled, which is strongly recommended against. With Authorization enabled it is limited to extending the Backup permissions with the ability to add libraries.

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to system property redaction logic inconsistencies. An attacker can access sensitive information, such as credentials for basic authentication or AWS secret keys, by exploiting the /admin/info/properties endpoint. This endpoint was intended to hide system properties containing "password" in their name, but failed to conceal other sensitive properties, including "basicauth" and "aws.secretKey", thus making them accessible via the Solr Admin UI. This is only exploitable if the Solr Cloud has Authorization enabled and the attacker has the "config-read" permission.

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.