CVE-2020-13941

CWE-20 — Improper Input Validation CWE-284 — Improper Access Control9 documents7 sources

Severity

8.8HIGH

EPSS

2.8%

top 13.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Solr

Timeline

PublishedAug 17

Latest updateFeb 10

Description

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDapache/solr< 8.6.0

▶Mavenorg.apache.solr:solr-parent< 8.6.0

▶Debianlucene-solr< 3.6.2+dfsg-23+3

▶CVEListV5apache_solrPrior to 8.6.0

🔴Vulnerability Details

OSV

Improper Input Validation in Apache Solr↗2022-02-10

▶

GHSA

Improper Input Validation in Apache Solr↗2022-02-10

▶

OSV

CVE-2020-13941: Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8↗2020-08-17

▶

CVEList

CVE-2020-13941: Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8↗2020-08-17

▶

📋Vendor Advisories

Red Hat

solr: replication handler allows a read-write operations to any location the solr user can access↗2020-08-17

▶

Debian

CVE-2020-13941: lucene-solr - Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in S...↗2020

▶

💬Community

Bugzilla

CVE-2020-13941 solr: replication handler allows a read-write operations to any location the solr user can access↗2020-08-17

▶

Bugzilla

CVE-2020-13941 solr3: solr: replication handler allows a read-write operations to any location the solr user can access [fedora-31]↗2020-08-17

▶