Veracode Vulnerability DatabaseVERACODE:26336Information Disclosure
EPSS
Percentile
79.3%
Apache solr-core is vulnerable to information disclosure. Lack of validation of CoreAdminAPI’s parameters consequently lead to search index data exposure and replace index data entirely by loading it from a remote file system.
References
github.com/apache/lucene-solr/commit/49a3f0a11d41f7124b893a08dc9e67594c32e2ee
github.com/apache/lucene-solr/commit/61f455d806768c9021157ae7ec5d5c677bac87b7
github.com/apache/lucene-solr/commit/6975e138f4a037bfcf2444d6c98cb3d44bf86e3b
github.com/apache/lucene-solr/commit/f509e04025e0c0fca73b1fe3fc4ddf44e4c66c43
github.com/apache/lucene-solr/commit/f509e04025e0c0fca73b1fe3fc4ddf44e4c66c43
issues.apache.org/jira/browse/SOLR-14561
lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E
lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E
www.openwall.com/lists/oss-security/2020/08/15/1
Related
