Vulnerability Description
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. the caller could read from or write to any filesystem location the solr user can access.
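The weakness described above is an unvalidated filesystem location parameter. As an illustration of the defensive check such a handler needs, the following added example (not Solr's own code, and not the fix shipped in SOLR-14561) canonicalizes a caller-supplied location and rejects it unless it resolves under an allow-listed root directory. The root path /var/solr/backups and the class name BackupLocationCheck are assumptions for the example.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example, not Solr's code: accept a backup/restore location only if it
 * resolves inside an operator-configured root directory.
 */
public final class BackupLocationCheck {
    private final Path allowedRoot;

    public BackupLocationCheck(Path allowedRoot) {
        // Canonicalize the root once so the later prefix comparison is component-wise.
        this.allowedRoot = allowedRoot.toAbsolutePath().normalize();
    }

    /** Returns the canonical path for location, or throws if it escapes the root. */
    public Path resolve(String location) {
        if (location == null || location.isEmpty()) {
            throw new IllegalArgumentException("location is required");
        }
        // Relative locations are taken relative to the root; absolute ones are kept as given
        // (Path.resolve returns an absolute argument unchanged), so both cases hit the check.
        Path resolved = allowedRoot.resolve(Paths.get(location)).toAbsolutePath().normalize();
        // normalize() collapses "." and ".." segments, so a component-wise prefix test is meaningful;
        // Path.startsWith compares whole path elements, so "/var/solr/backups2" does not pass.
        if (!resolved.startsWith(allowedRoot)) {
            throw new SecurityException("location '" + location + "' is outside " + allowedRoot);
        }
        return resolved;
    }

    public static void main(String[] args) throws IOException {
        // Assumed root directory for the example.
        BackupLocationCheck check = new BackupLocationCheck(Paths.get("/var/solr/backups"));

        System.out.println("accepted: " + check.resolve("nightly/2020-07-01"));

        String[] rejected = {"../../etc", "/tmp/elsewhere", "nightly/../../other"};
        for (String loc : rejected) {
            try {
                check.resolve(loc);
                System.out.println("UNEXPECTED: accepted " + loc);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

normalize() is a purely lexical operation and does not resolve symbolic links; where the location already exists on disk, resolving it with Path.toRealPath() before the prefix check closes that gap. The allow-listed root should be configured by the operator rather than derived from the request.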
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Solr | < 8.6.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2
- https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a54
- https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb
- https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc6 (Mailing List, Vendor Advisory)
FAQ
What is CVE-2020-13941?
CVE-2020-13941 is a vulnerability with a CVSS score of 8.8 (HIGH). Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-com...
How severe is CVE-2020-13941?
CVE-2020-13941 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13941?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Solr.