ID CVE-2020-13957 Type cve Reporter cve@mitre.org Modified 2020-11-02T21:15:00
Description
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that is uploaded via the API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
{"id": "CVE-2020-13957", "bulletinFamily": "NVD", "title": "CVE-2020-13957", "description": "Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.", "published": "2020-10-13T19:15:00", "modified": "2020-11-02T21:15:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13957", "reporter": "cve@mitre.org", "references": ["https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E", "https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E", "https://security.netapp.com/advisory/ntap-20201023-0002/", "https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E", 
"https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E", "https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E"], "cvelist": ["CVE-2020-13957"], "type": "cve", "lastseen": "2020-12-09T22:03:07", "edition": 7, "viewCount": 15, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-09T22:03:07", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-12-09T22:03:07", "rev": 2}, "twitter": {"counter": 6, "tweets": [{"link": "https://twitter.com/ipssignatures/status/1338952475601231873", "text": "It's new to me that FortiGuard has a protection/signature/rule for the vulnerability CVE-2020-13957.\nhttps://t.co/7aNLrN5CHI?amp=1\n/search?src=sprv&q=CVE-2020-13957\nThe vuln was published 63 days ago by NIST.\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1338952475601231873", "text": "It's new to me that FortiGuard has a protection/signature/rule for the vulnerability CVE-2020-13957.\nhttps://t.co/7aNLrN5CHI?amp=1\n/search?src=sprv&q=CVE-2020-13957\nThe vuln was published 63 days ago by NIST.\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1338952475601231873", "text": "It's new to me that FortiGuard has a protection/signature/rule for the vulnerability CVE-2020-13957.\nhttps://t.co/7aNLrN5CHI?amp=1\n/search?src=sprv&q=CVE-2020-13957\nThe vuln was published 63 days ago by NIST.\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1338952475601231873", "text": "It's new to me that FortiGuard has a protection/signature/rule for the vulnerability CVE-2020-13957.\nhttps://t.co/7aNLrN5CHI?amp=1\n/search?src=sprv&q=CVE-2020-13957\nThe 
vuln was published 63 days ago by NIST.\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1338952476343627780", "text": "I know 2 other IPSs that have protections/signatures/rules for the vulnerability CVE-2020-13957.\nhttps://t.co/D0UuyqrWbg?amp=1\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1338952476343627780", "text": "I know 2 other IPSs that have protections/signatures/rules for the vulnerability CVE-2020-13957.\nhttps://t.co/D0UuyqrWbg?amp=1\n/hashtag/Sg2j6w2d5dclgy?src=hashtag_click"}], "modified": "2020-12-09T22:03:07"}, "vulnersScore": 4.9}, "cpe": ["cpe:/a:apache:solr:7.7.3", "cpe:/a:apache:solr:6.6.6", "cpe:/a:apache:solr:8.6.2"], "affectedSoftware": [{"cpeName": "apache:solr", "name": "apache solr", "operator": "le", "version": "8.6.2"}, {"cpeName": "apache:solr", "name": "apache solr", "operator": "le", "version": "7.7.3"}, {"cpeName": "apache:solr", "name": "apache solr", "operator": "le", "version": "6.6.6"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:solr:7.7.3:*:*:*:*:*:*:*", "versionEndIncluding": "7.7.3", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:solr:8.6.2:*:*:*:*:*:*:*", "versionEndIncluding": "8.6.2", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:solr:6.6.6:*:*:*:*:*:*:*", "versionEndIncluding": "6.6.6", "versionStartIncluding": "6.6.0", "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:apache:solr:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:solr:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:solr:6.6.6:*:*:*:*:*:*:*"], "cwe": ["CWE-862"], "scheme": null}