This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new cdbb55243 Commit build products
cdbb55243 is described below
commit cdbb55243a3a23fcef698ba2187c3ff80b8e86f4
Author: Build Pelican (action) <[email protected]>
AuthorDate: Tue Oct 15 22:59:10 2024 +0000
Commit build products
---
output/feeds/all.atom.xml | 92 ++++++++++++++++----------
output/feeds/solr/security.atom.xml | 58 +++++++++++++++-
output/index.html | 2 +-
output/news.html | 45 +++++++++++++
output/operator/index.html | 2 +-
output/security.html | 127 ++++++++++++++++--------------------
6 files changed, 219 insertions(+), 107 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 0395cdd60..307b2ee4f 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -1,5 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml"
rel="self"></link><id>/</id><updated>2024-09-24T00:00:00+00:00</updated><entry><title>Apache
Solr™ 8.11.4 available</title><link href="/apache-solrtm-8114-available.html"
rel="alternate"></link><published>2024-09-24T00:00:00+00:00</published><updated>2024-09-24T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2024-09-2 [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml"
rel="self"></link><id>/</id><updated>2024-10-14T00:00:00+00:00</updated><entry><title>CVE-2024-45216:
Apache Solr: Authentication bypass possible using a fake URL Path
ending</title><link
href="/cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending.html"
rel="alternate"></link><published>2024-10-14T00:00:00+00:00</publ [...]
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A …</p></summary><content
type="html"><p><strong>Severity:</strong><br>
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A fake ending at the end of any Solr API URL path, will allow requests to skip
Authentication while maintaining the API contract with the original URL Path.
+This fake ending looks like an unprotected API path, however it is stripped
off internally after authentication but before API routing.</p>
+<p><strong>Mitigation:</strong><br>
+Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the
issue.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17417">SOLR-17417</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216">CVE-2024-45216</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2024-45217: Apache
Solr: ConfigSets created during a backup restore command are trusted
implicitly</title><link
href="/cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly.html"
rel="alternate"></link><published>2024-10-14T00:00:00+00:00</published><updated>2024
[...]
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give …</p></summary><content
type="html"><p><strong>Severity:</strong><br>
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give it a new name, are created without setting
the "trusted" metadata.
+ConfigSets that do not contain the flag are trusted implicitly if the metadata
is missing, therefore this leads to "trusted" ConfigSets that may not have been
created with an Authenticated request.
+"trusted" ConfigSets are able to load custom code into classloaders, therefore
the flag is supposed to only be set when the request that uploads the ConfigSet
is Authenticated &amp; Authorized.</p>
+<p><strong>Mitigation:</strong><br>
+This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before
9.7.0. This issue does not affect Solr instances that are secured via
Authentication/Authorization.</p>
+<p>Users are primarily recommended to use Authentication and
Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4
will mitigate this issue otherwise.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17418">SOLR-17418</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45217">CVE-2024-45217</a></p></content><category
term="solr/security"></category></entry><entry><title>Apache Solr™ 8.11.4
available</title><link href="/apache-solrtm-8114-available.html"
rel="alternate"></link><published>2024-09-24T00:00:00+00:00</published><updated>2024-09-24T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2024-09-24:/apache-solrtm-8114-available.html</id><summa
[...]
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, analytics, and geospatial search
at many of the world's largest organizations. Other major features include
Kubernetes and …</p></summary><content type="html"><p>The Lucene
and Solr PMCs are pleased to announce the release of Apache Solr
8.11.4.</p>
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, analytics, and geospatial search
at many of the world's largest organizations. Other major features include
Kubernetes and docker integration, streaming, highlighting, faceting, and
spellchecking.</p>
<p>Solr 8.11.4 is available for immediate download at:</p>
@@ -2338,36 +2394,4 @@ release.</p>
<code>stream.body</code> parameter by default, which will further
help protect
systems.</p>
</li>
-</ul></content><category
term="solr/security"></category></entry><entry><title>Apache Solr™ 7.0.1
available</title><link href="/"
rel="alternate"></link><published>2017-10-06T00:00:00+00:00</published><updated>2017-10-06T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2017-10-06:/</id><summary
type="html"><p>Solr is the popular, blazing fast, open source NoSQL
search platform from the
-Apache Lucene project. Its major features include powerful full-text search,
-hit highlighting, faceted search and analytics, rich document parsing,
-geospatial search, extensive REST APIs as well as parallel SQL. Solr is
-enterprise grade, secure and highly scalable …</p></summary><content
type="html"><p>Solr is the popular, blazing fast, open source NoSQL
search platform from the
-Apache Lucene project. Its major features include powerful full-text search,
-hit highlighting, faceted search and analytics, rich document parsing,
-geospatial search, extensive REST APIs as well as parallel SQL. Solr is
-enterprise grade, secure and highly scalable, providing fault tolerant
-distributed search and indexing, and powers the search and navigation
-features of many of the world's largest internet sites.</p>
-<p>Solr 7.0.1 is available for immediate download at:
-<a
href="https://solr.apache.org/downloads.html">https://solr.apache.org/downloads.html</a></p>
-<p>This release includes 2 bug fixes since the 7.0.0 release:</p>
-<ul>
-<li>
-<p>Solr 7.0 cannot read indexes from 6.x versions.</p>
-</li>
-<li>
-<p>Message "Lock held by this virtual machine" during startup.
- Solr is trying to start some cores twice.</p>
-</li>
-</ul>
-<p>Furthermore, this release includes Apache Lucene 7.0.1 which includes
1 bug
-fix since the 7.0.0 release.</p>
-<p>The release is available for immediate download at:</p>
-<p><a
href="https://www.apache.org/dyn/closer.lua/lucene/solr/7.0.1">https://www.apache.org/dyn/closer.lua/lucene/solr/7.0.1</a></p>
-<p>Please read CHANGES.txt for a detailed list of changes:</p>
-<p><a
href="https://solr.apache.org/7_0_1/changes/Changes.html">https://solr.apache.org/7_0_1/changes/Changes.html</a></p></content><category
term="solr/news"></category></entry><entry><title>Apache Solr Reference Guide
for 7.0 available</title><link href="/"
rel="alternate"></link><published>2017-10-02T00:00:00+00:00</published><updated>2017-10-02T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2017-10-02:/</id><summary type="htm
[...]
-<p>This 1,035-page PDF is the definitive guide to Solr. This version
adds documentation for new features of Solr, plus detailed information about
changes and deprecations you should know about when
…</p></summary><content type="html"><p>The Lucene PMC is pleased to
announce the release of the Apache Solr Reference Guide for Solr 7.0.</p>
-<p>This 1,035-page PDF is the definitive guide to Solr. This version
adds documentation for new features of Solr, plus detailed information about
changes and deprecations you should know about when upgrading from Solr 6.x to
Solr 7.0.</p>
-<p>You can download the PDF from: <a
href="https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.0.pdf">https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.0.pdf</a>.</p>
-<p>An HTML version is also available from: <a
href="https://solr.apache.org/guide/7_0/">https://solr.apache.org/guide/7_0/</a>.</p></content><category
term="solr/news"></category></entry></feed>
\ No newline at end of file
+</ul></content><category term="solr/security"></category></entry></feed>
\ No newline at end of file
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index e67938413..762fe5aa1 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -1,5 +1,61 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"></link><link
href="/feeds/solr/security.atom.xml"
rel="self"></link><id>/</id><updated>2024-04-12T00:00:00+00:00</updated><entry><title>CVE-2024-31391:
Solr-Operator liveness and readiness probes may leak basic auth
credentials</title><link
href="/cve-2024-31391-solr-operator-liveness-and-readiness-probes-may-leak-basic-auth-credentials.html"
rel="alternate"></link><publishe [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"></link><link
href="/feeds/solr/security.atom.xml"
rel="self"></link><id>/</id><updated>2024-10-14T00:00:00+00:00</updated><entry><title>CVE-2024-45216:
Apache Solr: Authentication bypass possible using a fake URL Path
ending</title><link
href="/cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending.html"
rel="alternate"></link><published>2024- [...]
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A …</p></summary><content
type="html"><p><strong>Severity:</strong><br>
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A fake ending at the end of any Solr API URL path, will allow requests to skip
Authentication while maintaining the API contract with the original URL Path.
+This fake ending looks like an unprotected API path, however it is stripped
off internally after authentication but before API routing.</p>
+<p><strong>Mitigation:</strong><br>
+Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the
issue.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17417">SOLR-17417</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216">CVE-2024-45216</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2024-45217: Apache
Solr: ConfigSets created during a backup restore command are trusted
implicitly</title><link
href="/cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly.html"
rel="alternate"></link><published>2024-10-14T00:00:00+00:00</published><updated>2024
[...]
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give …</p></summary><content
type="html"><p><strong>Severity:</strong><br>
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give it a new name, are created without setting
the "trusted" metadata.
+ConfigSets that do not contain the flag are trusted implicitly if the metadata
is missing, therefore this leads to "trusted" ConfigSets that may not have been
created with an Authenticated request.
+"trusted" ConfigSets are able to load custom code into classloaders, therefore
the flag is supposed to only be set when the request that uploads the ConfigSet
is Authenticated &amp; Authorized.</p>
+<p><strong>Mitigation:</strong><br>
+This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before
9.7.0. This issue does not affect Solr instances that are secured via
Authentication/Authorization.</p>
+<p>Users are primarily recommended to use Authentication and
Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4
will mitigate this issue otherwise.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17418">SOLR-17418</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45217">CVE-2024-45217</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2024-31391:
Solr-Operator liveness and readiness probes may leak basic auth
credentials</title><link
href="/cve-2024-31391-solr-operator-liveness-and-readiness-probes-may-leak-basic-auth-credentials.html"
rel="alternate"></link><published>2024-04-12T00:00:00+00:00</published><updated>2024-04-12T00:00:00+00:00
[...]
Moderate</p>
<p><strong>Versions Affected:</strong><br>
Solr Operator 0.3.0 to 0.8.0</p>
diff --git a/output/index.html b/output/index.html
index eec208021..6b82d1bde 100644
--- a/output/index.html
+++ b/output/index.html
@@ -115,7 +115,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2024-04-12">
+<section class="security" latest-date="2024-10-14">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="security.html">⚠ There are recent security
announcements. Read more on the Security page.</a></h2>
diff --git a/output/news.html b/output/news.html
index c4d78ca78..4729c8281 100644
--- a/output/news.html
+++ b/output/news.html
@@ -135,6 +135,51 @@
<h1 id="solr-news">Solr<sup>™</sup> News<a class="headerlink"
href="#solr-news" title="Permanent link">¶</a></h1>
<p>You may also read these news as an <a
href="/feeds/solr/news.atom.xml">ATOM feed</a>.</p>
+ <h2
id="cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending">14
October 2024, CVE-2024-45216: Apache Solr: Authentication bypass possible
using a fake URL Path ending
+ <a class="headerlink"
href="#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity:</strong><br>
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A fake ending at the end of any Solr API URL path, will allow requests to skip
Authentication while maintaining the API contract with the original URL Path.
+This fake ending looks like an unprotected API path, however it is stripped
off internally after authentication but before API routing.</p>
+<p><strong>Mitigation:</strong><br>
+Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the
issue.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17417";>SOLR-17417</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216";>CVE-2024-45216</a></p>
+ <h2
id="cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly">14
October 2024, CVE-2024-45217: Apache Solr: ConfigSets created during a backup
restore command are trusted implicitly
+ <a class="headerlink"
href="#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity:</strong><br>
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give it a new name, are created without setting
the "trusted" metadata.
+ConfigSets that do not contain the flag are trusted implicitly if the metadata
is missing, therefore this leads to "trusted" ConfigSets that may not have been
created with an Authenticated request.
+"trusted" ConfigSets are able to load custom code into classloaders, therefore
the flag is supposed to only be set when the request that uploads the ConfigSet
is Authenticated & Authorized.</p>
+<p><strong>Mitigation:</strong><br>
+This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before
9.7.0. This issue does not affect Solr instances that are secured via
Authentication/Authorization.</p>
+<p>Users are primarily recommended to use Authentication and Authorization
when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate
this issue otherwise.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17418";>SOLR-17418</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45217";>CVE-2024-45217</a></p>
<h2 id="apache-solrtm-8114-available">24 September 2024, Apache Solr™ 8.11.4
available
<a class="headerlink" href="#apache-solrtm-8114-available"
title="Permanent link">¶</a>
</h2>
diff --git a/output/operator/index.html b/output/operator/index.html
index 35c5a27e2..608014468 100644
--- a/output/operator/index.html
+++ b/output/operator/index.html
@@ -107,7 +107,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2024-04-12">
+<section class="security" latest-date="2024-10-14">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="/security.html">⚠ There are recent security
announcements. Read more on the Solr Security page.</a></h2>
diff --git a/output/security.html b/output/security.html
index c8c1b3ca3..f065cd674 100644
--- a/output/security.html
+++ b/output/security.html
@@ -190,6 +190,16 @@ with you to see if we can provide this information in
other variations or format
<th width="95">Date</th>
<th>Announcement</th>
</tr>
+ <tr>
+ <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216";>CVE-2024-45216</a></td>
+ <td>2024-10-14</td>
+ <td><a
href="#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending">Apache
Solr: Authentication bypass possible using a fake URL Path ending</a></td>
+ </tr>
+ <tr>
+ <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45217";>CVE-2024-45217</a></td>
+ <td>2024-10-14</td>
+ <td><a
href="#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly">Apache
Solr: ConfigSets created during a backup restore command are trusted
implicitly</a></td>
+ </tr>
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-31391";>CVE-2024-31391</a></td>
<td>2024-04-12</td>
@@ -255,18 +265,55 @@ with you to see if we can provide this information in
other variations or format
<td>2020-10-12</td>
<td><a
href="#cve-2020-13957-the-checks-added-to-unauthenticated-configset-uploads-in-apache-solr-can-be-circumvented">The
checks added to unauthenticated configset uploads in Apache Solr can be
circumvented</a></td>
</tr>
- <tr>
- <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-13941";>CVE-2020-13941</a></td>
- <td>2020-08-14</td>
- <td><a
href="#cve-2020-13941-apache-solr-information-disclosure-vulnerability">Apache
Solr information disclosure vulnerability</a></td>
- </tr>
- <tr>
- <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2019-17558";>CVE-2019-17558</a></td>
- <td>2019-12-30</td>
- <td><a
href="#cve-2019-17558-apache-solr-rce-through-velocityresponsewriter">Apache
Solr RCE through VelocityResponseWriter</a></td>
- </tr>
</table>
+ <h2
id="cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending">2024-10-14,
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL
Path ending
+ <a class="headerlink"
href="#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity:</strong><br>
+Critical</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 5.3.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong><br>
+Improper Authentication vulnerability in Apache Solr.</p>
+<p>Solr instances using the PKIAuthenticationPlugin, which is enabled by
default when Solr Authentication is used, are vulnerable to Authentication
bypass.
+A fake ending at the end of any Solr API URL path, will allow requests to skip
Authentication while maintaining the API contract with the original URL Path.
+This fake ending looks like an unprotected API path, however it is stripped
off internally after authentication but before API routing.</p>
+<p><strong>Mitigation:</strong><br>
+Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the
issue.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17417";>SOLR-17417</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216";>CVE-2024-45216</a></p>
+ <hr/>
+ <h2
id="cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly">2024-10-14,
CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore
command are trusted implicitly
+ <a class="headerlink"
href="#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity:</strong><br>
+Moderate</p>
+<p><strong>Versions Affected:</strong></p>
+<ul>
+<li>Apache Solr 6.6.0 before 8.11.4</li>
+<li>Apache Solr 9.0.0 before 9.7.0</li>
+</ul>
+<p><strong>Description:</strong> </p>
+<p>Insecure Default Initialization of Resource vulnerability in Apache
Solr.</p>
+<p>New ConfigSets that are created via a Restore command, which copy a
configSet from the backup and give it a new name, are created without setting
the "trusted" metadata.
+ConfigSets that do not contain the flag are trusted implicitly if the metadata
is missing, therefore this leads to "trusted" ConfigSets that may not have been
created with an Authenticated request.
+"trusted" ConfigSets are able to load custom code into classloaders, therefore
the flag is supposed to only be set when the request that uploads the ConfigSet
is Authenticated & Authorized.</p>
+<p><strong>Mitigation:</strong><br>
+This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before
9.7.0. This issue does not affect Solr instances that are secured via
Authentication/Authorization.</p>
+<p>Users are primarily recommended to use Authentication and Authorization
when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate
this issue otherwise.</p>
+<p><strong>Credit:</strong>
+Liu Huajin (reporter)</p>
+<p><strong>References:</strong><br>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17418";>SOLR-17418</a><br>
+CVE - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45217";>CVE-2024-45217</a></p>
+ <hr/>
<h2
id="cve-2024-31391-solr-operator-liveness-and-readiness-probes-may-leak-basic-auth-credentials">2024-04-12,
CVE-2024-31391: Solr-Operator liveness and readiness probes may leak basic
auth credentials
<a class="headerlink"
href="#cve-2024-31391-solr-operator-liveness-and-readiness-probes-may-leak-basic-auth-credentials"
title="Permanent link">¶</a>
</h2>
@@ -584,66 +631,6 @@ Any of the following are enough to prevent this
vulnerability:</p>
Tomás Fernández Löbbe, András Salamon</p>
<p><strong>References:</strong>
<a href="https://issues.apache.org/jira/browse/SOLR-14925";>SOLR-14925</a>:
CVE-2020-13957: The checks added to unauthenticated configset uploads can be
circumvented</p>
- <hr/>
- <h2
id="cve-2020-13941-apache-solr-information-disclosure-vulnerability">2020-08-14,
CVE-2020-13941: Apache Solr information disclosure vulnerability
- <a class="headerlink"
href="#cve-2020-13941-apache-solr-information-disclosure-vulnerability"
title="Permanent link">¶</a>
- </h2>
- <p><strong>Severity:</strong>
-Medium</p>
-<p><strong>Versions Affected:</strong><br>
-Before Solr 8.6. Some risks are specific to Windows.</p>
-<p><strong>Description:</strong>
-Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in
Solr version 8.6.0.
-The Replication handler
(https://solr.apache.org/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler)
allows commands backup, restore and deleteBackup. Each of these take a
location parameter, which was not validated, i.e you could read/write to any
location the solr user can access. </p>
-<p>On a windows system SMB paths such as \10.0.0.99\share\folder may also be
used, leading to:</p>
-<ul>
-<li>The possibility of restoring another SolrCore from a server on the network
(or mounted remote file system) may lead to:<ul>
-<li>Exposing search index data that the attacker should otherwise not have
access to</li>
-<li>Replacing the index data entirely by loading it from a remote file system
that the attacker controls</li>
-</ul>
-</li>
-<li>Launching SMB attacks which may result in:<ul>
-<li>The exfiltration of sensitive data such as OS user hashes (NTLM/LM
hashes),</li>
-<li>In case of misconfigured systems, SMB Relay Attacks which can lead to user
impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution
</li>
-</ul>
-</li>
-</ul>
-<p><strong>Mitigation:</strong>
-Upgrade to Solr 8.6, and/or ensure only trusted clients can make requests of
Solr's replication handler.</p>
-<p><strong>Credit:</strong>
-Matei "Mal" Badanoiu</p>
- <hr/>
- <h2
id="cve-2019-17558-apache-solr-rce-through-velocityresponsewriter">2019-12-30,
CVE-2019-17558: Apache Solr RCE through VelocityResponseWriter
- <a class="headerlink"
href="#cve-2019-17558-apache-solr-rce-through-velocityresponsewriter"
title="Permanent link">¶</a>
- </h2>
- <p><strong>Severity:</strong> High</p>
-<p><strong>Vendor:</strong><br>
-The Apache Software Foundation</p>
-<p><strong>Versions Affected:</strong>
-5.0.0 to 8.3.1</p>
-<p><strong>Description:</strong><br>
-The affected versions are vulnerable to a Remote Code Execution through the
-VelocityResponseWriter. A Velocity template can be provided through
-Velocity templates in a configset <code>velocity/</code> directory or as a
parameter.
-A user defined configset could contain renderable, potentially malicious,
-templates. Parameter provided templates are disabled by default, but can
-be enabled by setting <code>params.resource.loader.enabled</code> by defining a
-response writer with that setting set to <code>true</code>. Defining a
response
-writer requires configuration API access.</p>
-<p>Solr 8.4 removed the params resource loader entirely, and only enables the
-configset-provided template rendering when the configset is
<code>trusted</code> (has
-been uploaded by an authenticated user).</p>
-<p><strong>Mitigation:</strong><br>
-Ensure your network settings are configured so that only trusted traffic
-communicates with Solr, especially to the configuration APIs.</p>
-<p><strong>Credit:</strong><br>
-Github user <code>s00py</code></p>
-<p><strong>References:</strong></p>
-<ul>
-<li><a
href="https://issues.apache.org/jira/browse/SOLR-13971";>https://issues.apache.org/jira/browse/SOLR-13971</a></li>
-<li><a
href="https://issues.apache.org/jira/browse/SOLR-14025";>https://issues.apache.org/jira/browse/SOLR-14025</a></li>
-<li><a
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity";>https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity</a></li>
-</ul>
<hr/>
<h1 id="cve-reports-for-apache-solr-dependencies">CVE reports for Apache
Solr dependencies</h1>
<p>Below is a list of CVE vulnerabilities in Apache Solr dependencies, and
the state of their applicability to Solr.</p>
