This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/main by this push:
new 18859f26c Fixup CVE formatting
18859f26c is described below
commit 18859f26c087cb914f35fc0265f16fd3e086f7ac
Author: Houston Putman <[email protected]>
AuthorDate: Fri Jan 12 15:24:09 2024 -0600
Fixup CVE formatting
---
content/solr/security/2022-11-20-cve-2022-39135.md | 16 ++++++++--------
content/solr/security/2024-01-12-cve-2023-50290.md | 15 +++++++++------
2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/content/solr/security/2022-11-20-cve-2022-39135.md
b/content/solr/security/2022-11-20-cve-2022-39135.md
index a2a06936b..f26f9bd49 100644
--- a/content/solr/security/2022-11-20-cve-2022-39135.md
+++ b/content/solr/security/2022-11-20-cve-2022-39135.md
@@ -2,26 +2,26 @@ Title: Apache Solr is vulnerable to CVE-2022-39135 via /sql
handler
category: solr/security
cve: CVE-2022-39135
-**Versions Affected:**
+**Versions Affected:**
Solr 6.5 to 8.11.2
Solr 9.0
-**Description:**
+**Description:**
Apache Calcite has a vulnerability, CVE-2022-39135, that is exploitable in
Apache Solr in SolrCloud mode. If an untrusted user can supply SQL queries to
Solr’s “/sql” handler (even indirectly via proxies / other apps), then the user
could perform an XML External Entity (XXE) attack. This might have been
exposed by some deployers of Solr in order for internal analysts to use JDBC
based tooling, but would have unlikely been granted to wider audiences.
-**Impact:**
+**Impact:**
An XXE attack may lead to the disclosure of confidential data, denial of
service, server side request forgery (SSRF), port scanning from the Solr node,
and other system impacts.
-**Mitigation:**
+**Mitigation:**
Most Solr installations don’t make use of the SQL functionality. For such
users, the standard Solr security advice of using a firewall should be
adequate. Nonetheless, the functionality can be disabled. As of Solr 9, it
has been modularized and thus became opt-in, so nothing is needed for Solr 9
users that don’t use it. Users *not* using SolrCloud can’t use the
functionality at all. For other users that wish to disable it, you must
register a request handler that masks the underlyin [...]
```
<requestHandler name="/sql" class="solr.NotFoundRequestHandler"/>
```
Users needing this SQL functionality are forced to upgrade to Solr 9.1. If
Solr 8.11.3 is released, then it will be an option as well. Simply replacing
Calcite and other JAR files may mostly work but could fail depending on the
particulars of the query. Users interested in this or in patching their own
versions of Solr should examine SOLR-16421 for a source patch.
-**Credit:**
+**Credit:**
Andreas Hubold at CoreMedia GmbH
-**References:**
-https://nvd.nist.gov/vuln/detail/CVE-2022-39135
-https://issues.apache.org/jira/browse/SOLR-16421
+**References:**
+JIRA - [SOLR-16421](https://issues.apache.org/jira/browse/SOLR-16421)
+CVE - [CVE-2022-39135](https://nvd.nist.gov/vuln/detail/CVE-2022-39135)
diff --git a/content/solr/security/2024-01-12-cve-2023-50290.md
b/content/solr/security/2024-01-12-cve-2023-50290.md
index df26b4531..721575376 100644
--- a/content/solr/security/2024-01-12-cve-2023-50290.md
+++ b/content/solr/security/2024-01-12-cve-2023-50290.md
@@ -2,10 +2,13 @@ Title: CVE-2023-50290: Apache Solr allows read access to host
environment variab
category: solr/security
cve: CVE-2023-50290
-**Versions Affected:**
+**Severity:**
+Important
+
+**Versions Affected:**
Solr 9.0 to 9.2.1
-**Description:**
+**Description:**
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available
to each Apache Solr instance.
Users are able to specify which environment variables to hide, however, the
default list is designed to work for known secret Java system properties.
@@ -14,9 +17,9 @@ Environment variables cannot be strictly defined in Solr,
like Java system prope
The Solr Metrics API is protected by the "metrics-read" permission.
Therefore, Solr Clouds with Authorization setup will only be vulnerable via
users with the "metrics-read" permission.
-**Mitigation:**
+**Mitigation:**
Users are recommended to upgrade to version 9.3.0 or later, in which
environment variables are not published via the Metrics API.
-**References:**
-https://nvd.nist.gov/vuln/detail/CVE-2023-50290
-https://issues.apache.org/jira/browse/SOLR-16808
+**References:**
+JIRA - [SOLR-15233](https://issues.apache.org/jira/browse/SOLR-16808)
+CVE - [CVE-2023-50290](https://nvd.nist.gov/vuln/detail/CVE-2023-50290)
