Lucene search
K

4 matches found

OSV
OSV
added 2025/01/27 9:30 a.m.8 views

GHSA-68R2-FWCG-QPM8 Apache Solr vulnerable to Execution with Unnecessary Privileges

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

9.2CVSS5.3AI score0.01136EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/01/27 8:58 a.m.9 views

CVE-2025-24814 Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.9AI score0.01136EPSS
Exploits0References1
CVE
CVE
added 2025/01/27 8:58 a.m.111 views

CVE-2025-24814

Summary of CVE-2025-24814 (Apache Solr): Solr instances using FileSystemConfigSetService (default in standalone or user-managed mode) and lacking authentication/authorization are vulnerable to privilege escalation where replacement of trusted configset files can be treated as trusted. This can al...

5.5CVSS7.2AI score0.01136EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/12 3:37 p.m.23 views

Apache Solr Operator liveness and readiness probes may leak basic auth credentials

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...

6.5CVSS6.6AI score0.00847EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder