BIT-solr-2020-13957

Import Source
https://github.com/bitnami/vulndb/tree/main/data/solr/BIT-solr-2020-13957.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-solr-2020-13957
Aliases
Published
2024-03-06T11:07:17.601Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / solr

Package

Name
solr
Purl
pkg:bitnami/solr

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
6.6.0
Fixed
6.6.6
Introduced
7.0.0
Fixed
7.7.3
Introduced
8.0.0
Fixed
8.6.2