oss-sec mailing list archives

Severity: moderate

Affected versions:

- Apache Solr 6.6 through 9.7.0

Description:

Relative Path Traversal vulnerability in Apache Solr.

Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation 
in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative 
filepaths to write data to unanticipated parts of the filesystem.  
This issue affects Apache Solr: from 6.6 through 9.7.0.

Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely 
prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so 
that it can only be accessed by a trusted set of administrators/users.

This issue is being tracked as SOLR-17543 

Credit:

rry (finder)

References:

https://solr.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-52012
https://issues.apache.org/jira/browse/SOLR-17543

Current thread:

• CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Jason Gerlowski (Jan 26)