Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN052 _____________________________________________________________________ DATE : 28/01/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems Apache Solr versions prior to 9.8.0. ===================================================================== https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd _____________________________________________________________________ CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files Posted to users@solr.apache.org Jason Gerlowski - dimanche 26 janvier 2025 12:57:25 UTC+1 Severity: moderate Affected versions: - Apache Solr through 9.7 Description: Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "" tags by default. Credit: pwn null (finder) References: https://solr.apache.org https://www.cve.org/CVERecord?id=CVE-2025-24814 _____________________________________________________________________ CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Severity: moderate Affected versions: - Apache Solr 6.6 through 9.7.0 Description: Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. This issue is being tracked as SOLR-17543 Credit: rry (finder) References: https://solr.apache.org https://www.cve.org/CVERecord?id=CVE-2024-52012 https://issues.apache.org/jira/browse/SOLR-17543 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================