CVE-2020-13957

CWE-863Incorrect AuthorizationCWE-862Missing Authorization8 documents7 sources
Severity
9.8CRITICAL
EPSS
84.8%
top 0.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Solr
Timeline
PublishedOct 13
Latest updateFeb 10

Description

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

Mavenorg.apache.solr:solr-core6.6.08.6.3
Mavenorg.apache.solr:solr-solrj6.6.08.6.3
Mavenorg.apache.solr:solr-parent6.6.08.6.3
NVDapache/solr6.6.06.6.6+2
CVEListV5apache_solrApache Solr 6.6.0 to 6.6.6, 7.0.0 to 7.7.3, 8.0.0 to 8.6.2

🔴Vulnerability Details

3
GHSA
Incorrect Authorization in Apache Solr2022-02-10
OSV
Incorrect Authorization in Apache Solr2022-02-10
CVEList
CVE-2020-13957: Apache Solr versions 62020-10-13

📋Vendor Advisories

2
Red Hat
solr: The checks added to unauthenticated configset uploads can be circumvented2020-10-12
Debian
CVE-2020-13957: lucene-solr - Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents ...2020

💬Community

2
Bugzilla
CVE-2020-13957 solr3: solr: The checks added to unauthenticated configset uploads can be circumvented [fedora-31]2020-10-22
Bugzilla
CVE-2020-13957 solr: The checks added to unauthenticated configset uploads can be circumvented2020-10-22
CVE-2020-13957 (CRITICAL CVSS 9.8) | Apache Solr versions 6.6.0 to 6.6.6 | cvebase.io