[jira] [Commented] (SOLR-16777) Schema Designer blindly "trusts" potentially malicious configset

Sat, 29 Apr 2023 07:24:07 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-16777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17717920#comment-17717920
 ] 

ASF subversion and git services commented on SOLR-16777:
--------------------------------------------------------

Commit bf9ca1044b2eec234038c2c27ec7996d589bb8c8 in solr's branch 
refs/heads/main from Ishan Chattopadhyaya
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=bf9ca1044b2 ]

SOLR-16777: Fix for Schema Designer blindly trusting potentially malicious 
configsets


> Schema Designer blindly "trusts" potentially malicious configset
> ----------------------------------------------------------------
>
>                 Key: SOLR-16777
>                 URL: https://issues.apache.org/jira/browse/SOLR-16777
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 9.0, 8.10, 8.11.2, 9.1, 9.2, 9.1.1
>            Reporter: Ishan Chattopadhyaya
>            Assignee: Ishan Chattopadhyaya
>            Priority: Blocker
>             Fix For: 9.2.1
>
>         Attachments: SOLR-16777.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When configset API is used to upload configsets by unauthenticated users, a 
> "trusted: false" flag is set on the configset. Such configsets cannot use the 
> <lib> directive to load classes while creating/loading collections. Details 
> here: https://solr.apache.org/guide/8_10/configsets-api.html#configsets-upload
> Unfortunately, this safety mechanism was bypassed in the schema designer when 
> a isConfigsetTrusted was hardcoded to true. 
> [https://github.com/apache/solr/blob/branch_9_1/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java#L697]
>  
> As per Skay's report 
> [https://twitter.com/Skay_00/status/1646870062601756672|https://twitter.com/Skay_00/status/1646870062601756672),]
>  remote code execution is possible in unsecured Solr clusters where 
> authentication hasn't been enabled. This ticket is to mitigate one aspect of 
> that, i.e. the schema designer vulnerability. While our recommendation to all 
> users remains the same, i.e. to secure Solr installations with authentication 
> and authorization, I thank Skay for his detailed report.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to