GHSA-xrj7-x7gp-wwqr

Source

https://github.com/advisories/GHSA-xrj7-x7gp-wwqr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-xrj7-x7gp-wwqr/GHSA-xrj7-x7gp-wwqr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xrj7-x7gp-wwqr

Aliases

Related

CGA-49j5-hc95-v89p

Published

2024-02-09T18:31:07Z

Modified

2024-08-19T21:10:13.643669Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds

Details

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.

Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.

When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.

An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost".

Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.

Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.

From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.

Database specific

{
    "nvd_published_at": "2024-02-09T18:15:08Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-922"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T20:57:43Z"
}

References

Affected packages

Maven / org.apache.solr:solr-solrj-streaming

Package

Name: org.apache.solr:solr-solrj-streaming; View open source insights on deps.dev
Purl: pkg:maven/org.apache.solr/solr-solrj-streaming

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.4.1

Affected versions

9.*

9.2.0

9.2.1

9.3.0

9.4.0

Maven / org.apache.solr:solr-solrj-streaming

Package

Name: org.apache.solr:solr-solrj-streaming; View open source insights on deps.dev
Purl: pkg:maven/org.apache.solr/solr-solrj-streaming

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

8.11.3

Maven / org.apache.solr:solr-solrj

Package

Name: org.apache.solr:solr-solrj; View open source insights on deps.dev
Purl: pkg:maven/org.apache.solr/solr-solrj

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.4.1

Affected versions

9.*

9.0.0

9.1.0

9.1.1

9.2.0

9.2.1

9.3.0

9.4.0

Maven / org.apache.solr:solr-solrj

Package

Name: org.apache.solr:solr-solrj; View open source insights on deps.dev
Purl: pkg:maven/org.apache.solr/solr-solrj

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

8.11.3

Affected versions

6.*

6.0.0

6.0.1

6.1.0

6.2.0

6.2.1

6.3.0

6.4.0

6.4.1

6.4.2

6.5.0

6.5.1

6.6.0

6.6.1

6.6.2

6.6.3

6.6.4

6.6.5

6.6.6

7.*

7.0.0

7.0.1

7.1.0

7.2.0

7.2.1

7.3.0

7.3.1

7.4.0

7.5.0

7.6.0

7.7.0

7.7.1

7.7.2

7.7.3

8.*

8.0.0

8.1.0

8.1.1

8.2.0

8.3.0

8.3.1

8.4.0

8.4.1

8.5.0

8.5.1

8.5.2

8.6.0

8.6.1

8.6.2

8.6.3

8.7.0

8.8.0

8.8.1

8.8.2

8.9.0

8.10.0

8.10.1

8.11.0

8.11.1

8.11.2