4 matches found
GHSA-68R2-FWCG-QPM8 Apache Solr vulnerable to Execution with Unnecessary Privileges
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...
CVE-2025-24814 Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...
CVE-2025-24814
Summary of CVE-2025-24814 (Apache Solr): Solr instances using FileSystemConfigSetService (default in standalone or user-managed mode) and lacking authentication/authorization are vulnerable to privilege escalation where replacement of trusted configset files can be treated as trusted. This can al...
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...