org.apache.solr:solr-core 8.11.2

Direct Vulnerabilities

Known vulnerabilities in the org.apache.solr:solr-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Files or Directories Accessible to External Parties org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the `AllowPathBuilder` behavior accessible via the create core API. An attacker can read configsets from unauthorized filesystem paths (and, on Windows, expose NTLM user hashes), over this API. As a result, "create core" operations on the basis of those configsets may succeed. This is only exploitable if Solr is running in standalone mode and the `allowPath` setting is used to restrict file access How to fix Files or Directories Accessible to External Parties? Upgrade `org.apache.solr:solr-core` to version 9.10.1 or higher.	[8.6.0,9.10.1)
H Missing Authorization org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the `getPermissionName()` function can be forced to return null. An attacker can gain unauthorized access to some APIs if the following conditions are met: The deployment uses the `RuleBasedAuthorizationPlugin` Multiple "roles" are specified in the plugin config The plugin's permission list includes any of the predefined permission rules "config-read", "config-edit", "schema-read", "metrics-read", "security-read" The permission list does not define the "all" permission Untrusted HTTP/HTTPS requests are accepted without checking and filtering the methods in use. How to fix Missing Authorization? Upgrade `org.apache.solr:solr-core` to version 9.10.1 or higher.	[5.3.0,9.10.1)
H Execution with Unnecessary Privileges org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Execution with Unnecessary Privileges due to the potential for attackers to control what configset is loaded by the `FileSystemConfigSetService` component (in use by default in standalone and user-managed modes) during core creation. A trusted config can be replaced by a malicious one, which specifies arbitrary classes as `<lib>` elements, which will then be added to the classpath. How to fix Execution with Unnecessary Privileges? Upgrade `org.apache.solr:solr-core` to version 9.8.0 or higher.	[,9.8.0)
M Arbitrary File Write via Archive Extraction (Zip Slip) org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the `uploadFileToConfig()` function in the `FileSystemConfigSetService.java` component, which is accessible via the configset upload API. An attacker can write files at unintended paths in the filesystem by passing in a ZIP archive containing a malicious pathname. Note: This vulnerability is only exploitable on Windows systems. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `org.apache.solr:solr-core` to version 9.8.0 or higher.	[6.6,9.8.0)
C Improper Authentication org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Improper Authentication due to insecure code in `PKIAuthenticationPlugin` and `HttpSolrCall` classes. An attacker can bypass the authentication process by appending a fake ending to the URL path, which appears to be an unprotected API path but is internally stripped off after authentication and before API routing. Note: Solr instances using the `PKIAuthenticationPlugin`, which is enabled by default when Solr Authentication is used, are vulnerable. How to fix Improper Authentication? Upgrade `org.apache.solr:solr-core` to version 8.11.4, 9.7.0 or higher.	[5.3.0,8.11.4)[9.0.0,9.7.0)
H Insecure Default Initialization of Resource org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the `Restore` command which copies a `configSet` from the backup and assigns it a new name without setting the `trusted` metadata. An attacker can execute arbitrary code by exploiting the implicit trust granted to these `ConfigSets` if the `trusted` flag is missing. This is only exploitable if the Solr instance is not secured via Authentication/Authorization. How to fix Insecure Default Initialization of Resource? Upgrade `org.apache.solr:solr-core` to version 8.11.4, 9.7.0 or higher.	[6.6.0,8.11.4)[9.0.0,9.7.0)
M Exposure of Sensitive Information to an Unauthorized Actor org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a `zkHost` parameter that allows users to extract data from other Solr Clouds. When the original SolrCloud is configured to use ZooKeeper credentials and ACLs, these credentials are sent to any `zkHost` specified by the user. An attacker could exploit this by setting up a mock ZooKeeper server that accepts ZooKeeper requests with credentials and ACLs to extract sensitive information. Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade `org.apache.solr:solr-core` to version 8.11.3, 9.4.1 or higher.	[6.0.0,8.11.3)[9.0.0,9.4.1)
M Incorrect Permission Assignment for Critical Resource org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the Schema Designer not properly authenticating `configSets`. An attacker can load external libraries without proper authentication by exploiting the trust assigned to `configSets` created by unauthenticated users. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade `org.apache.solr:solr-core` to version 8.11.3, 9.3.0 or higher.	[8.10.0,8.11.3)[9.0.0,9.3.0)
H Unrestricted Upload of File with Dangerous Type org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the `ConfigSets` API accepting Java jar and class files. When backing up Solr Collections, these `configSet` files are saved to disk using the `LocalFileSystemRepository`, which is the default for backups. If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files become available for use with any `ConfigSet`, regardless of trust level. Note: This vulnerability is most severe when Authorization is not enabled, which is strongly recommended against. With Authorization enabled it is limited to extending the Backup permissions with the ability to add libraries. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade `org.apache.solr:solr-core` to version 8.11.3, 9.4.1 or higher.	[6.0.0,8.11.3)[9.0.0,9.4.1)
M Insufficiently Protected Credentials org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to system property redaction logic inconsistencies. An attacker can access sensitive information, such as credentials for basic authentication or AWS secret keys, by exploiting the `/admin/info/properties` endpoint. This endpoint was intended to hide system properties containing "password" in their name, but failed to conceal other sensitive properties, including "basicauth" and "aws.secretKey", thus making them accessible via the Solr Admin UI. This is only exploitable if the Solr Cloud has Authorization enabled and the attacker has the "config-read" permission. How to fix Insufficiently Protected Credentials? Upgrade `org.apache.solr:solr-core` to version 8.11.3, 9.3.0 or higher.	[6.0.0,8.11.3)[9.0.0,9.3.0)

Vulnerability

Vulnerable Version

Files or Directories Accessible to External Parties

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the AllowPathBuilder behavior accessible via the create core API. An attacker can read configsets from unauthorized filesystem paths (and, on Windows, expose NTLM user hashes), over this API. As a result, "create core" operations on the basis of those configsets may succeed.

This is only exploitable if Solr is running in standalone mode and the allowPath setting is used to restrict file access

How to fix Files or Directories Accessible to External Parties?

Upgrade org.apache.solr:solr-core to version 9.10.1 or higher.

[8.6.0,9.10.1)

Missing Authorization

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName() function can be forced to return null. An attacker can gain unauthorized access to some APIs if the following conditions are met:

The deployment uses the RuleBasedAuthorizationPlugin
Multiple "roles" are specified in the plugin config
The plugin's permission list includes any of the predefined permission rules "config-read", "config-edit", "schema-read", "metrics-read", "security-read"
The permission list does not define the "all" permission
Untrusted HTTP/HTTPS requests are accepted without checking and filtering the methods in use.

How to fix Missing Authorization?

Upgrade org.apache.solr:solr-core to version 9.10.1 or higher.

[5.3.0,9.10.1)

Execution with Unnecessary Privileges

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Execution with Unnecessary Privileges due to the potential for attackers to control what configset is loaded by the FileSystemConfigSetService component (in use by default in standalone and user-managed modes) during core creation. A trusted config can be replaced by a malicious one, which specifies arbitrary classes as <lib> elements, which will then be added to the classpath.

How to fix Execution with Unnecessary Privileges?

Upgrade org.apache.solr:solr-core to version 9.8.0 or higher.

[,9.8.0)

Arbitrary File Write via Archive Extraction (Zip Slip)

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the uploadFileToConfig() function in the FileSystemConfigSetService.java component, which is accessible via the configset upload API. An attacker can write files at unintended paths in the filesystem by passing in a ZIP archive containing a malicious pathname.

Note: This vulnerability is only exploitable on Windows systems.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade org.apache.solr:solr-core to version 9.8.0 or higher.

[6.6,9.8.0)

Improper Authentication

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Improper Authentication due to insecure code in PKIAuthenticationPlugin and HttpSolrCall classes.

An attacker can bypass the authentication process by appending a fake ending to the URL path, which appears to be an unprotected API path but is internally stripped off after authentication and before API routing.

Note:

Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable.

How to fix Improper Authentication?

Upgrade org.apache.solr:solr-core to version 8.11.4, 9.7.0 or higher.

[5.3.0,8.11.4)[9.0.0,9.7.0)

Insecure Default Initialization of Resource

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the Restore command which copies a configSet from the backup and assigns it a new name without setting the trusted metadata. An attacker can execute arbitrary code by exploiting the implicit trust granted to these ConfigSets if the trusted flag is missing.

This is only exploitable if the Solr instance is not secured via Authentication/Authorization.

How to fix Insecure Default Initialization of Resource?

Upgrade org.apache.solr:solr-core to version 8.11.4, 9.7.0 or higher.

[6.6.0,8.11.4)[9.0.0,9.7.0)

Exposure of Sensitive Information to an Unauthorized Actor

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a zkHost parameter that allows users to extract data from other Solr Clouds. When the original SolrCloud is configured to use ZooKeeper credentials and ACLs, these credentials are sent to any zkHost specified by the user. An attacker could exploit this by setting up a mock ZooKeeper server that accepts ZooKeeper requests with credentials and ACLs to extract sensitive information. Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.

How to fix Exposure of Sensitive Information to an Unauthorized Actor?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

[6.0.0,8.11.3)[9.0.0,9.4.1)

Incorrect Permission Assignment for Critical Resource

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the Schema Designer not properly authenticating configSets. An attacker can load external libraries without proper authentication by exploiting the trust assigned to configSets created by unauthenticated users.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.

[8.10.0,8.11.3)[9.0.0,9.3.0)

Unrestricted Upload of File with Dangerous Type

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the ConfigSets API accepting Java jar and class files. When backing up Solr Collections, these configSet files are saved to disk using the LocalFileSystemRepository, which is the default for backups. If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files become available for use with any ConfigSet, regardless of trust level.

Note: This vulnerability is most severe when Authorization is not enabled, which is strongly recommended against. With Authorization enabled it is limited to extending the Backup permissions with the ability to add libraries.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.4.1 or higher.

[6.0.0,8.11.3)[9.0.0,9.4.1)

Insufficiently Protected Credentials

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to system property redaction logic inconsistencies. An attacker can access sensitive information, such as credentials for basic authentication or AWS secret keys, by exploiting the /admin/info/properties endpoint. This endpoint was intended to hide system properties containing "password" in their name, but failed to conceal other sensitive properties, including "basicauth" and "aws.secretKey", thus making them accessible via the Solr Admin UI. This is only exploitable if the Solr Cloud has Authorization enabled and the attacker has the "config-read" permission.

How to fix Insufficiently Protected Credentials?

Upgrade org.apache.solr:solr-core to version 8.11.3, 9.3.0 or higher.

[6.0.0,8.11.3)[9.0.0,9.3.0)

org.apache.solr:solr-core@8.11.2

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically