This is an automated email from the ASF dual-hosted git repository.
gerlowskija pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/main by this push:
new b78a4dcba Add security notices for two recent CVEs (#141)
b78a4dcba is described below
commit b78a4dcbaee3371a717d192d46695a703df2e539
Author: Jason Gerlowski <[email protected]>
AuthorDate: Sun Jan 26 07:43:31 2025 -0500
Add security notices for two recent CVEs (#141)
- CVE-2024-52012
- CVE-2025-24814
---
content/solr/security/2025-01-26-cve-2024-52012.md | 28 +++++++++++++++++++++
content/solr/security/2025-01-26-cve-2025-24814.md | 29 ++++++++++++++++++++++
2 files changed, 57 insertions(+)
diff --git a/content/solr/security/2025-01-26-cve-2024-52012.md
b/content/solr/security/2025-01-26-cve-2024-52012.md
new file mode 100644
index 000000000..74a706142
--- /dev/null
+++ b/content/solr/security/2025-01-26-cve-2024-52012.md
@@ -0,0 +1,28 @@
+Title: CVE-2024-52012: Apache Solr: Configset upload on Windows allows
arbitrary path write-access
+category: solr/security
+cve: CVE-2024-52012
+
+**Severity**
+moderate
+
+**Versions Affected**
+
+- Apache Solr 6.6 through 9.7.0
+
+**Description**
+
+Relative Path Traversal vulnerability in Apache Solr.
+
+Solr instances running on Windows are vulnerable to arbitrary filepath
write-access, due to a lack of input-sanitation in the "configset upload" API.
Commonly known as a "zipslip", maliciously constructed ZIP files can use
relative filepaths to write data to unanticipated parts of the filesystem.
+This issue affects Apache Solr: from 6.6 through 9.7.0.
+
+**Mitigation**
+
+Users are recommended to upgrade to version 9.8.0, which fixes the issue.
Users unable to upgrade may also safely prevent the issue by using Solr's
"Rule-Based Authentication Plugin" to restrict access to the configset upload
API, so that it can only be accessed by a trusted set of administrators/users.
+
+**Credit**
+rry (reporter)
+
+**References**
+JIRA - [SOLR-17543](https://issues.apache.org/jira/browse/SOLR-17543)
+CVE - [CVE-2024-52012](https://www.cve.org/CVERecord?id=CVE-2024-52012)
diff --git a/content/solr/security/2025-01-26-cve-2025-24814.md
b/content/solr/security/2025-01-26-cve-2025-24814.md
new file mode 100644
index 000000000..8bcf16693
--- /dev/null
+++ b/content/solr/security/2025-01-26-cve-2025-24814.md
@@ -0,0 +1,29 @@
+Title: CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can
use arbitrary untrusted files
+category: solr/security
+cve: CVE-2025-24814
+
+**Severity**
+moderate
+
+**Versions Affected**
+
+- Apache Solr through 9.7
+
+**Description**
+
+Core creation allows users to replace "trusted" configset files with arbitrary
configuration
+
+Solr instances that (1) use the "FileSystemConfigSetService" component (the
default in "standalone" or "user-managed" mode), and (2) are running without
authentication and authorization are vulnerable to a sort of privilege
escalation wherein individual "trusted" configset files can be ignored in favor
of potentially-untrusted replacements available elsewhere on the filesystem.
These replacement config files are treated as "trusted" and can use "<lib>"
tags to add to Solr's classpath, w [...]
+
+This issue affects all Apache Solr versions up through Solr 9.7.
+
+**Mitigation**
+
+Users can protect against the vulnerability by enabling authentication and
authorization on their Solr clusters or switching to SolrCloud (and away from
"FileSystemConfigSetService"). Users are also recommended to upgrade to Solr
9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.
+
+**Credit**
+pwn null (reporter)
+
+**References**
+JIRA - [SOLR-16781](https://issues.apache.org/jira/browse/SOLR-16781)
+CVE - [CVE-2025-24814](https://www.cve.org/CVERecord?id=CVE-2025-24814)
