This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new e3d07514d Commit build products
e3d07514d is described below
commit e3d07514dbbda97d6a1dae716b6c1e295deeedd9
Author: Build Pelican (action) <[email protected]>
AuthorDate: Sun Jan 26 12:43:57 2025 +0000
Commit build products
---
output/feeds/all.atom.xml | 84 ++++++++++++++++-----------
output/feeds/solr/security.atom.xml | 50 ++++++++++++++++-
output/index.html | 2 +-
output/news.html | 40 +++++++++++++
output/operator/index.html | 2 +-
output/security.html | 109 +++++++++++++++++-------------------
6 files changed, 193 insertions(+), 94 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index a72aba076..f49195454 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -1,5 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml"
rel="self"></link><id>/</id><updated>2025-01-23T00:00:00+00:00</updated><entry><title>Apache
Solr™ 9.8.0 available</title><link href="/apache-solrtm-980-available.html"
rel="alternate"></link><published>2025-01-23T00:00:00+00:00</published><updated>2025-01-23T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-01-23: [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr</title><link
href="/" rel="alternate"></link><link href="/feeds/all.atom.xml"
rel="self"></link><id>/</id><updated>2025-01-26T00:00:00+00:00</updated><entry><title>CVE-2024-52012:
Apache Solr: Configset upload on Windows allows arbitrary path
write-access</title><link
href="/cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access.html"
rel="alternate"></link><published>2025-01-26T00:00:00+00:00 [...]
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary
filepath write-access, due to a lack of input-sanitation in the "configset
upload" API. Commonly known as a "zipslip", maliciously constructed ZIP
…</p></summary><content
type="html"><p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary
filepath write-access, due to a lack of input-sanitation in the "configset
upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files
can use relative filepaths to write data to unanticipated parts of the
filesystem.<br>
+This issue affects Apache Solr: from 6.6 through 9.7.0.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users are recommended to upgrade to version 9.8.0, which fixes the
issue. Users unable to upgrade may also safely prevent the issue by using
Solr's "Rule-Based Authentication Plugin" to restrict access to the configset
upload API, so that it can only be accessed by a trusted set of
administrators/users.</p>
+<p><strong>Credit</strong>
+rry (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17543">SOLR-17543</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2024-52012">CVE-2024-52012</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2025-24814: Apache
Solr: Core-creation with "trusted" configset can use arbitrary untrusted
files</title><link
href="/cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files.html"
rel="alternate"></link><published>2025-01-26T00:00:00+00:00</published><updated>2025-01-
[...]
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService"
component (the default in "standalone" or "user-managed" mode), and (2) are
running without authentication and authorization are vulnerable to a sort
…</p></summary><content
type="html"><p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService"
component (the default in "standalone" or "user-managed" mode), and (2) are
running without authentication and authorization are vulnerable to a sort of
privilege escalation wherein individual "trusted" configset files can be
ignored in favor of potentially-untrusted replacements available elsewhere on
the filesystem. These replacement config files are treated as "trusted" and
can use "<lib>" tags to add to Solr [...]
+<p>This issue affects all Apache Solr versions up through Solr
9.7.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users can protect against the vulnerability by enabling
authentication and authorization on their Solr clusters or switching to
SolrCloud (and away from "FileSystemConfigSetService"). Users are also
recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling
use of "<lib>" tags by default.</p>
+<p><strong>Credit</strong>
+pwn null (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-16781">SOLR-16781</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-24814">CVE-2025-24814</a></p></content><category
term="solr/security"></category></entry><entry><title>Apache Solr™ 9.8.0
available</title><link href="/apache-solrtm-980-available.html"
rel="alternate"></link><published>2025-01-23T00:00:00+00:00</published><updated>2025-01-23T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-01-23:/apache-solrtm-980-available.html</id><summary
[...]
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, vector, analytics, and geospatial
search at many of the world's largest organizations. Other major features
include Kubernetes and docker …</p></summary><content
type="html"><p>The Solr PMC is pleased to announce the release of Apache
Solr 9.8.0.</p>
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, vector, analytics, and geospatial
search at many of the world's largest organizations. Other major features
include Kubernetes and docker integration, streaming, highlighting, faceting,
and spellchecking.</p>
<p>Solr 9.8.0 is available for immediate download at:</p>
@@ -2250,36 +2298,4 @@ deserialisation support to protect against this
vulnerability.</p>
<li><a
href="https://issues.apache.org/jira/browse/SOLR-11486">https://issues.apache.org/jira/browse/SOLR-11486</a></li>
<li><a
href="https://issues.apache.org/jira/browse/SOLR-10335">https://issues.apache.org/jira/browse/SOLR-10335</a></li>
<li><a
href="https://cwiki.apache.org/confluence/display/solr/SolrSecurity">https://cwiki.apache.org/confluence/display/solr/SolrSecurity</a></li>
-</ul></content><category
term="solr/security"></category></entry><entry><title>Apache Solr™ 5.5.5
available</title><link href="/"
rel="alternate"></link><published>2017-10-24T00:00:00+00:00</published><updated>2017-10-24T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2017-10-24:/</id><summary
type="html"><p>The Lucene PMC is pleased to announce the release of
Apache Solr 5.5.5.</p>
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful full-text
search, hit highlighting, faceted search and analytics, rich document parsing,
geospatial search, extensive …</p></summary><content
type="html"><p>The Lucene PMC is pleased to announce the release of
Apache Solr 5.5.5.</p>
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful full-text
search, hit highlighting, faceted search and analytics, rich document parsing,
geospatial search, extensive REST APIs as well as parallel SQL. Solr is
enterprise grade, secure and highly scalable, providing fault tolerant
distributed search and indexing, and powers the search and navigation features
of many of the world's largest inte [...]
-<p>This release contains one bugfix.</p>
-<p>This release includes one critical and one important security fix.
Details:</p>
-<ul>
-<li>
-<p>Fix for a 0-day exploit (CVE-2017-12629), details: <a
href="https://s.apache.org/FJDl">https://s.apache.org/FJDl</a>.
RunExecutableListener has been disabled by default (can be enabled by
-Dsolr.enableRunExecutableListener=true) and resolving external entities in the
XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
default.</p>
-</li>
-<li>
-<p>Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
communication in Apache Solr, details: <a
href="https://s.apache.org/APTY">https://s.apache.org/APTY</a></p>
-</li>
-</ul>
-<p>Furthermore, this release includes Apache Lucene 5.5.5 which includes
one security fix since the 5.5.4 release.</p>
-<p>The release is available for immediate download at:</p>
-<p><a
href="https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5">https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5</a></p>
-<p>Please read CHANGES.txt for a detailed list of changes:</p>
-<p><a
href="https://solr.apache.org/5_5_5/changes/Changes.html">https://solr.apache.org/5_5_5/changes/Changes.html</a></p></content><category
term="solr/news"></category></entry><entry><title>Apache Solr™ 6.6.2
available</title><link href="/"
rel="alternate"></link><published>2017-10-18T00:00:00+00:00</published><updated>2017-10-18T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2017-10-18:/</id><summary
type="html"><p>The L [...]
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful full-text
search, hit highlighting, faceted search and analytics, rich document parsing,
geospatial search, extensive …</p></summary><content
type="html"><p>The Lucene PMC is pleased to announce the release of
Apache Solr 6.6.2</p>
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful full-text
search, hit highlighting, faceted search and analytics, rich document parsing,
geospatial search, extensive REST APIs as well as parallel SQL. Solr is
enterprise grade, secure and highly scalable, providing fault tolerant
distributed search and indexing, and powers the search and navigation features
of many of the world's largest inte [...]
-<h3 id="highlights-for-this-solr-release-includes">Highlights for this
Solr release includes:</h3>
-<ul>
-<li>
-<p>Critical security fix: Fix for a 0-day exploit (CVE-2017-12629),
details: https://s.apache.org/FJDl. RunExecutableListener has been disabled by
default (can be enabled by -Dsolr.enableRunExecutableListener=true) and
resolving external entities in the XML query parser (defType=xmlparser or
{!xmlparser ... }) is disabled by default.</p>
-</li>
-<li>
-<p>Fix for a bug where Solr was attempting to load the same core twice
(Error message: "Lock held by this virtual machine").</p>
-</li>
-</ul>
-<p>The release is available for immediate download at:</p>
-<p><a
href="https://www.apache.org/dyn/closer.lua/lucene/solr/6.6.2">https://www.apache.org/dyn/closer.lua/lucene/solr/6.6.2</a></p>
-<p>Please read CHANGES.txt for a detailed list of changes:</p>
-<p><a
href="https://solr.apache.org/6_6_2/changes/Changes.html">https://solr.apache.org/6_6_2/changes/Changes.html</a></p></content><category
term="solr/news"></category></entry></feed>
\ No newline at end of file
+</ul></content><category term="solr/security"></category></entry></feed>
\ No newline at end of file
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index 762fe5aa1..4d2a4a52c 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -1,5 +1,53 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"></link><link
href="/feeds/solr/security.atom.xml"
rel="self"></link><id>/</id><updated>2024-10-14T00:00:00+00:00</updated><entry><title>CVE-2024-45216:
Apache Solr: Authentication bypass possible using a fake URL Path
ending</title><link
href="/cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending.html"
rel="alternate"></link><published>2024- [...]
+<feed xmlns="http://www.w3.org/2005/Atom";><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"></link><link
href="/feeds/solr/security.atom.xml"
rel="self"></link><id>/</id><updated>2025-01-26T00:00:00+00:00</updated><entry><title>CVE-2024-52012:
Apache Solr: Configset upload on Windows allows arbitrary path
write-access</title><link
href="/cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access.html"
rel="alternate"></link><published [...]
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary
filepath write-access, due to a lack of input-sanitation in the "configset
upload" API. Commonly known as a "zipslip", maliciously constructed ZIP
…</p></summary><content
type="html"><p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary
filepath write-access, due to a lack of input-sanitation in the "configset
upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files
can use relative filepaths to write data to unanticipated parts of the
filesystem.<br>
+This issue affects Apache Solr: from 6.6 through 9.7.0.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users are recommended to upgrade to version 9.8.0, which fixes the
issue. Users unable to upgrade may also safely prevent the issue by using
Solr's "Rule-Based Authentication Plugin" to restrict access to the configset
upload API, so that it can only be accessed by a trusted set of
administrators/users.</p>
+<p><strong>Credit</strong>
+rry (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17543">SOLR-17543</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2024-52012">CVE-2024-52012</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2025-24814: Apache
Solr: Core-creation with "trusted" configset can use arbitrary untrusted
files</title><link
href="/cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files.html"
rel="alternate"></link><published>2025-01-26T00:00:00+00:00</published><updated>2025-01-
[...]
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService"
component (the default in "standalone" or "user-managed" mode), and (2) are
running without authentication and authorization are vulnerable to a sort
…</p></summary><content
type="html"><p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService"
component (the default in "standalone" or "user-managed" mode), and (2) are
running without authentication and authorization are vulnerable to a sort of
privilege escalation wherein individual "trusted" configset files can be
ignored in favor of potentially-untrusted replacements available elsewhere on
the filesystem. These replacement config files are treated as "trusted" and
can use "<lib>" tags to add to Solr [...]
+<p>This issue affects all Apache Solr versions up through Solr
9.7.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users can protect against the vulnerability by enabling
authentication and authorization on their Solr clusters or switching to
SolrCloud (and away from "FileSystemConfigSetService"). Users are also
recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling
use of "<lib>" tags by default.</p>
+<p><strong>Credit</strong>
+pwn null (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-16781">SOLR-16781</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-24814">CVE-2025-24814</a></p></content><category
term="solr/security"></category></entry><entry><title>CVE-2024-45216: Apache
Solr: Authentication bypass possible using a fake URL Path ending</title><link
href="/cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending.html"
rel="alternate"></link><published>2024-10-14T00:00:00+00:00</published><updated>2024-10-14T00:00:00+00:00</updat
[...]
Critical</p>
<p><strong>Versions Affected:</strong></p>
<ul>
diff --git a/output/index.html b/output/index.html
index 62cec8046..4c84dcebe 100644
--- a/output/index.html
+++ b/output/index.html
@@ -114,7 +114,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2024-10-14">
+<section class="security" latest-date="2025-01-26">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="security.html">⚠ There are recent security
announcements. Read more on the Security page.</a></h2>
diff --git a/output/news.html b/output/news.html
index a7b0bd01c..8e4b6043d 100644
--- a/output/news.html
+++ b/output/news.html
@@ -134,6 +134,46 @@
<h1 id="solr-news">Solr<sup>™</sup> News<a class="headerlink"
href="#solr-news" title="Permanent link">¶</a></h1>
<p>You may also read these news as an <a
href="/feeds/solr/news.atom.xml">ATOM feed</a>.</p>
+ <h2
id="cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access">26
January 2025, CVE-2024-52012: Apache Solr: Configset upload on Windows allows
arbitrary path write-access
+ <a class="headerlink"
href="#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary filepath
write-access, due to a lack of input-sanitation in the "configset upload" API.
Commonly known as a "zipslip", maliciously constructed ZIP files can use
relative filepaths to write data to unanticipated parts of the filesystem.<br>
+This issue affects Apache Solr: from 6.6 through 9.7.0.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users are recommended to upgrade to version 9.8.0, which fixes the issue.
Users unable to upgrade may also safely prevent the issue by using Solr's
"Rule-Based Authentication Plugin" to restrict access to the configset upload
API, so that it can only be accessed by a trusted set of
administrators/users.</p>
+<p><strong>Credit</strong>
+rry (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17543";>SOLR-17543</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2024-52012";>CVE-2024-52012</a></p>
+ <h2
id="cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files">26
January 2025, CVE-2025-24814: Apache Solr: Core-creation with "trusted"
configset can use arbitrary untrusted files
+ <a class="headerlink"
href="#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService" component (the
default in "standalone" or "user-managed" mode), and (2) are running without
authentication and authorization are vulnerable to a sort of privilege
escalation wherein individual "trusted" configset files can be ignored in favor
of potentially-untrusted replacements available elsewhere on the filesystem.
These replacement config files are treated as "trusted" and can use "<lib>"
tags to add to Solr's classpath [...]
+<p>This issue affects all Apache Solr versions up through Solr 9.7.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users can protect against the vulnerability by enabling authentication and
authorization on their Solr clusters or switching to SolrCloud (and away from
"FileSystemConfigSetService"). Users are also recommended to upgrade to Solr
9.8.0, which mitigates this issue by disabling use of "<lib>" tags by
default.</p>
+<p><strong>Credit</strong>
+pwn null (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-16781";>SOLR-16781</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-24814";>CVE-2025-24814</a></p>
<h2 id="apache-solrtm-980-available">23 January 2025, Apache Solr™ 9.8.0
available
<a class="headerlink" href="#apache-solrtm-980-available" title="Permanent
link">¶</a>
</h2>
diff --git a/output/operator/index.html b/output/operator/index.html
index d10777f37..ed4e872fc 100644
--- a/output/operator/index.html
+++ b/output/operator/index.html
@@ -106,7 +106,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2024-10-14">
+<section class="security" latest-date="2025-01-26">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="/security.html">⚠ There are recent security
announcements. Read more on the Solr Security page.</a></h2>
diff --git a/output/security.html b/output/security.html
index 117264e69..d369b693b 100644
--- a/output/security.html
+++ b/output/security.html
@@ -189,6 +189,16 @@ with you to see if we can provide this information in
other variations or format
<th width="95">Date</th>
<th>Announcement</th>
</tr>
+ <tr>
+ <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-52012";>CVE-2024-52012</a></td>
+ <td>2025-01-26</td>
+ <td><a
href="#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access">Apache
Solr: Configset upload on Windows allows arbitrary path write-access</a></td>
+ </tr>
+ <tr>
+ <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-24814";>CVE-2025-24814</a></td>
+ <td>2025-01-26</td>
+ <td><a
href="#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files">Apache
Solr: Core-creation with "trusted" configset can use arbitrary untrusted
files</a></td>
+ </tr>
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-45216";>CVE-2024-45216</a></td>
<td>2024-10-14</td>
@@ -254,18 +264,50 @@ with you to see if we can provide this information in
other variations or format
<td>2021-04-12</td>
<td><a
href="#cve-2021-29262-misapplied-zookeeper-acls-can-result-in-leakage-of-configured-authentication-and-authorization-settings">Misapplied
Zookeeper ACLs can result in leakage of configured authentication and
authorization settings</a></td>
</tr>
- <tr>
- <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-29943";>CVE-2021-29943</a></td>
- <td>2021-04-12</td>
- <td><a
href="#cve-2021-29943-apache-solr-unprivileged-users-may-be-able-to-perform-unauthorized-readwrite-to-collections">Apache
Solr Unprivileged users may be able to perform unauthorized read/write to
collections</a></td>
- </tr>
- <tr>
- <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2020-13957";>CVE-2020-13957</a></td>
- <td>2020-10-12</td>
- <td><a
href="#cve-2020-13957-the-checks-added-to-unauthenticated-configset-uploads-in-apache-solr-can-be-circumvented">The
checks added to unauthenticated configset uploads in Apache Solr can be
circumvented</a></td>
- </tr>
</table>
+ <h2
id="cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access">2025-01-26,
CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path
write-access
+ <a class="headerlink"
href="#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.6 through 9.7.0</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Relative Path Traversal vulnerability in Apache Solr.</p>
+<p>Solr instances running on Windows are vulnerable to arbitrary filepath
write-access, due to a lack of input-sanitation in the "configset upload" API.
Commonly known as a "zipslip", maliciously constructed ZIP files can use
relative filepaths to write data to unanticipated parts of the filesystem.<br>
+This issue affects Apache Solr: from 6.6 through 9.7.0.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users are recommended to upgrade to version 9.8.0, which fixes the issue.
Users unable to upgrade may also safely prevent the issue by using Solr's
"Rule-Based Authentication Plugin" to restrict access to the configset upload
API, so that it can only be accessed by a trusted set of
administrators/users.</p>
+<p><strong>Credit</strong>
+rry (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-17543";>SOLR-17543</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2024-52012";>CVE-2024-52012</a></p>
+ <hr/>
+ <h2
id="cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files">2025-01-26,
CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use
arbitrary untrusted files
+ <a class="headerlink"
href="#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong>
+moderate</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr through 9.7</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Core creation allows users to replace "trusted" configset files with
arbitrary configuration</p>
+<p>Solr instances that (1) use the "FileSystemConfigSetService" component (the
default in "standalone" or "user-managed" mode), and (2) are running without
authentication and authorization are vulnerable to a sort of privilege
escalation wherein individual "trusted" configset files can be ignored in favor
of potentially-untrusted replacements available elsewhere on the filesystem.
These replacement config files are treated as "trusted" and can use "<lib>"
tags to add to Solr's classpath [...]
+<p>This issue affects all Apache Solr versions up through Solr 9.7.</p>
+<p><strong>Mitigation</strong></p>
+<p>Users can protect against the vulnerability by enabling authentication and
authorization on their Solr clusters or switching to SolrCloud (and away from
"FileSystemConfigSetService"). Users are also recommended to upgrade to Solr
9.8.0, which mitigates this issue by disabling use of "<lib>" tags by
default.</p>
+<p><strong>Credit</strong>
+pwn null (reporter)</p>
+<p><strong>References</strong>
+JIRA - <a
href="https://issues.apache.org/jira/browse/SOLR-16781";>SOLR-16781</a>
+CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-24814";>CVE-2025-24814</a></p>
+ <hr/>
<h2
id="cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending">2024-10-14,
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL
Path ending
<a class="headerlink"
href="#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending"
title="Permanent link">¶</a>
</h2>
@@ -583,53 +625,6 @@ Any of the following are enough to prevent this
vulnerability:</p>
Timothy Potter and Mike Drob, Apple Cloud Services</p>
<p><strong>References:</strong>
<a href="https://issues.apache.org/jira/browse/SOLR-15249";>SOLR-15249</a>:
CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured
authentication and authorization settings</p>
- <hr/>
- <h2
id="cve-2021-29943-apache-solr-unprivileged-users-may-be-able-to-perform-unauthorized-readwrite-to-collections">2021-04-12,
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform
unauthorized read/write to collections
- <a class="headerlink"
href="#cve-2021-29943-apache-solr-unprivileged-users-may-be-able-to-perform-unauthorized-readwrite-to-collections"
title="Permanent link">¶</a>
- </h2>
- <p><strong>Severity:</strong>
-High</p>
-<p><strong>Versions Affected:</strong>
-7.0.0 to 7.7.3
-8.0.0 to 8.8.1</p>
-<p><strong>Description:</strong>
-When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache
Solr versions prior to 8.8.2 would forward/proxy distributed requests using
server credentials instead of original client credentials. This would result in
incorrect authorization resolution on the receiving hosts.</p>
-<p><strong>Mitigation:</strong>
-Any of the following are enough to prevent this vulnerability:</p>
-<ul>
-<li>Upgrade to <code>Solr 8.8.2</code> or greater.</li>
-<li>If upgrading is not an option, consider applying the patch in <a
href="https://issues.apache.org/jira/browse/SOLR-15233";>SOLR-15233</a></li>
-<li>Use a different authentication plugin, such as the KerberosPlugin or
HadoopAuthPlugin</li>
-</ul>
-<p><strong>Credit:</strong>
-Geza Nagy</p>
-<p><strong>References:</strong>
-<a href="https://issues.apache.org/jira/browse/SOLR-15233";>SOLR-15233</a>:
CVE-2021-29943: Apache Solr Unprivileged users may be able to perform
unauthorized read/write to collections </p>
- <hr/>
- <h2
id="cve-2020-13957-the-checks-added-to-unauthenticated-configset-uploads-in-apache-solr-can-be-circumvented">2020-10-12,
CVE-2020-13957: The checks added to unauthenticated configset uploads in
Apache Solr can be circumvented
- <a class="headerlink"
href="#cve-2020-13957-the-checks-added-to-unauthenticated-configset-uploads-in-apache-solr-can-be-circumvented"
title="Permanent link">¶</a>
- </h2>
- <p><strong>Severity:</strong>
-High</p>
-<p><strong>Versions Affected:</strong>
-6.6.0 to 6.6.6
-7.0.0 to 7.7.3
-8.0.0 to 8.6.2</p>
-<p><strong>Description:</strong>
-Solr prevents some features considered dangerous (which could be used for
remote code execution) to be configured in a ConfigSet that's uploaded via API
without authentication/authorization. The checks in place to prevent such
features can be circumvented by using a combination of UPLOAD/CREATE
actions.</p>
-<p><strong>Mitigation:</strong>
-Any of the following are enough to prevent this vulnerability:</p>
-<ul>
-<li>Disable UPLOAD command in ConfigSets API if not used by setting the system
property: <code>configset.upload.enabled</code> to <code>false</code> (<a
href="https://solr.apache.org/guide/8_6/configsets-api.html";>see docs</a>)</li>
-<li>Use Authentication/Authorization and make sure unknown requests aren't
allowed (<a
href="https://solr.apache.org/guide/8_6/authentication-and-authorization-plugins.html";>see
docs</a>)</li>
-<li>Upgrade to <code>Solr 8.6.3</code> or greater.</li>
-<li>If upgrading is not an option, consider applying the patch in <a
href="https://issues.apache.org/jira/browse/SOLR-14663";>SOLR-14663</a></li>
-<li>No Solr API, including the Admin UI, is designed to be exposed to
non-trusted parties. Tune your firewall so that only trusted computers and
people are allowed access</li>
-</ul>
-<p><strong>Credit:</strong>
-Tomás Fernández Löbbe, András Salamon</p>
-<p><strong>References:</strong>
-<a href="https://issues.apache.org/jira/browse/SOLR-14925";>SOLR-14925</a>:
CVE-2020-13957: The checks added to unauthenticated configset uploads can be
circumvented</p>
<hr/>
<h1 id="cve-reports-for-apache-solr-dependencies">CVE reports for Apache
Solr dependencies</h1>
<p>Below is a list of CVE vulnerabilities in Apache Solr dependencies, and
the state of their applicability to Solr.</p>
