[MAVEN:GHSA-3C7P-VV5R-CMR5] Incorrect Authorization in Apache Solr
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
1
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This issue is patched in 8.6.3.
Package | Affected Version |
---|---|
pkg:maven/org.apache.solr/solr-parent | >= 6.6.0, < 8.6.3 |
Package | Fixed Version |
---|---|
pkg:maven/org.apache.solr/solr-parent | = 8.6.3 |
- ID
- MAVEN:GHSA-3C7P-VV5R-CMR5
- Severity
- critical
- URL
- https://github.com/advisories/GHSA-3c7p-vv5r-cmr5
- Published
-
2022-02-10T00:31:27
(2 years ago) - Modified
-
2023-02-16T05:06:40
(19 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.apache.solr/solr-parent | org.apache.solr | solr-parent | >= 6.6.0 < 8.6.3 | |||
Fixed | pkg:maven/org.apache.solr/solr-parent | org.apache.solr | solr-parent | = 8.6.3 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |