[
https://issues.apache.org/jira/browse/SOLR-18058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Gerlowski updated SOLR-18058:
-----------------------------------
Security: Public (was: Private (Security Issue))
> Insufficient "allowPath" checking in create-core
> ------------------------------------------------
>
> Key: SOLR-18058
> URL: https://issues.apache.org/jira/browse/SOLR-18058
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: 9.10
> Reporter: Jason Gerlowski
> Assignee: Jason Gerlowski
> Priority: Blocker
> Fix For: 10.0, 9.10.1
>
> Attachments: SOLR-18058.patch
>
>
> Solr's "create-core" codepath has two problems in how it enforces
> "solr.allowPaths":
> # The "instanceDir" property is checked against "solr.allowPaths", but only
> *after* we check that the location exists. This is innocuous in many
> circumstances, but on Windows boxes configured to allow UNC the "file-exists"
> check will trigger a network request that can leak an NTLM hash of the Windows
> user.
> # The "configSet" property allows users to specify either the name or the
> full file-system path to a configset. In the latter case, when a file-system
> path is provided, we don't check this path against "solr.allowPaths" at all!
> Both of these shortcomings should be fixed before the next release of Solr.
> (1) can be fixed by reordering the allowPaths check to happen before the
> "existence" check, and (2) can be fixed by adding the missing allowPaths
> check.
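The ordering that fixes (1) and (2) in the issue describe, as an added example; it is not Solr's Java code or the attached patch. It is written in Python so that Windows and UNC path parsing can be shown lexically on any platform. All function names, the rule for telling a configset name from a path, and the sample values are assumptions made for illustration.

```python
from pathlib import PureWindowsPath


class PathNotAllowed(Exception):
    """Raised before any filesystem or network access is attempted."""


def check_allowed(raw, allow_paths):
    # Purely lexical: PureWindowsPath never touches the disk or the network,
    # so a UNC path such as \\host\share is rejected without any lookup.
    p = PureWindowsPath(raw)
    if not p.is_absolute() or ".." in p.parts:
        raise PathNotAllowed(raw)
    for root in map(PureWindowsPath, allow_paths):
        if p == root or root in p.parents:
            return p
    raise PathNotAllowed(raw)


def looks_like_path(config_set):
    # Assumption: a bare configset name has no drive, root or separator.
    p = PureWindowsPath(config_set)
    return bool(p.drive or p.root or len(p.parts) > 1)


def validate_create_core(instance_dir, config_set, allow_paths, exists):
    """Return the validated instance dir; `exists` is the only I/O hook."""
    inst = check_allowed(instance_dir, allow_paths)   # (1) allowPaths check first
    if looks_like_path(config_set):
        check_allowed(config_set, allow_paths)        # (2) the missing check
    if not exists(str(inst)):                         # probe only after both checks
        raise FileNotFoundError(str(inst))
    return inst


# Constructed sample values, not taken from the issue.
ALLOW = [r"C:\solr\data"]
probed = []


def recording_exists(path):
    probed.append(path)  # records every path that would hit the filesystem
    return True


if __name__ == "__main__":
    print(validate_create_core(r"C:\solr\data\core1", "_default", ALLOW, recording_exists))
    for inst, cfg in [(r"\\host.example\share\core", "_default"),
                      (r"C:\solr\data\core2", r"\\host.example\share\conf")]:
        try:
            validate_create_core(inst, cfg, ALLOW, recording_exists)
        except PathNotAllowed as e:
            print("rejected before any probe:", e)
    print("paths probed:", probed)
```

Only the allowed instance dir reaches the existence probe; the UNC instance dir and the UNC configset path are both rejected before it runs.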