Posted to commits@solr.apache.org by md...@apache.org on 2021/04/12 22:12:02 UTC

[solr-site] branch main updated: Publish CVEs for Solr 8.8.2

This is an automated email from the ASF dual-hosted git repository.

mdrob pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git


The following commit(s) were added to refs/heads/main by this push:
     new eb060a0  Publish CVEs for Solr 8.8.2
eb060a0 is described below

commit eb060a0d2cf1d31de403665407fff7a0255578ec
Author: Mike Drob <md...@apple.com>
AuthorDate: Mon Apr 12 17:11:51 2021 -0500

    Publish CVEs for Solr 8.8.2
---
 content/solr/security/2021-04-12-cve-2021-27905.md | 27 ++++++++++++++++++++
 content/solr/security/2021-04-12-cve-2021-29262.md | 29 ++++++++++++++++++++++
 content/solr/security/2021-04-12-cve-2021-29943.md | 26 +++++++++++++++++++
 3 files changed, 82 insertions(+)

diff --git a/content/solr/security/2021-04-12-cve-2021-27905.md b/content/solr/security/2021-04-12-cve-2021-27905.md
new file mode 100644
index 0000000..ee9e077
--- /dev/null
+++ b/content/solr/security/2021-04-12-cve-2021-27905.md
@@ -0,0 +1,27 @@
+Title: CVE-2021-27905: SSRF vulnerability with the Replication handler
+category: solr/security
+cve: CVE-2020-27905
+
+**Severity:**
+High
+
+**Versions Affected:**
+7.0.0 to 7.7.3
+8.0.0 to 8.8.1
+
+**Description:**
+The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core.
+To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.  Prior to this bug getting fixed, it did not.
+
+**Mitigation:**
+Any of the following are enough to prevent this vulnerability:
+
+* Upgrade to `Solr 8.8.2` or greater.
+* If upgrading is not an option, consider applying the patch in [SOLR-15217](https://issues.apache.org/jira/browse/SOLR-15217)
+* Ensure that any access to the replication handler is purely internal to Solr.  Typically, it's only accessed externally for diagnostic/informational purposes.
+
+**Credit:**
+Reported by Caolinhong(Skay) from QI-ANXIN Cert (QI-ANXIN Technology Group Inc.)
+
+**References:**
+[SOLR-15217](https://issues.apache.org/jira/browse/SOLR-15217): CVE-2021-27905: SSRF vulnerability with the Replication handler
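Review bot: the front-matter line `cve: CVE-2020-27905` disagrees with the title and the file name, which both say CVE-2021-27905; change the year to 2021 so that anything keyed on the `cve` field resolves to the right advisory. In the Description, "a similar configuration it uses for the "shards" parameter" does not name the setting, so an operator cannot check their own configuration from this text; name it explicitly. Minor: "a SSRF" should read "an SSRF".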
diff --git a/content/solr/security/2021-04-12-cve-2021-29262.md b/content/solr/security/2021-04-12-cve-2021-29262.md
new file mode 100644
index 0000000..de29ed1
--- /dev/null
+++ b/content/solr/security/2021-04-12-cve-2021-29262.md
@@ -0,0 +1,29 @@
+Title: CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
+category: solr/security
+cve: CVE-2020-29262
+
+**Severity:**
+High
+
+**Versions Affected:**
+7.0.0 to 7.7.3
+8.0.0 to 8.8.1
+
+**Description:**
+When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable.
+Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
+
+**Mitigation:**
+Any of the following are enough to prevent this vulnerability:
+
+* Manually set appropriate ACLs on /security.json znode.
+* Upgrade to `Solr 8.8.2` or greater.
+* If upgrading is not an option, consider applying the patch in [SOLR-15249](https://issues.apache.org/jira/browse/SOLR-15249)
+* Ensure that any access to zookeeper is only by trusted application.
+
+**Credit:**
+Timothy Potter and Mike Drob, Apple Cloud Services
+
+**References:**
+[SOLR-15249](https://issues.apache.org/jira/browse/SOLR-15249): CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
+ 
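Review bot: the front-matter line `cve: CVE-2020-29262` does not match CVE-2021-29262 in the title and file name; correct the year. The first mitigation, "Manually set appropriate ACLs on /security.json znode", leaves "appropriate" undefined; since the Description says the problem is the node being readable by the optional read-only user, state that the read-only user must not have read access to it. The file also ends with a whitespace-only added line, which can be dropped, and "only by trusted application" should be "only by trusted applications".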
diff --git a/content/solr/security/2021-04-12-cve-2021-29943.md b/content/solr/security/2021-04-12-cve-2021-29943.md
new file mode 100644
index 0000000..91bda0b
--- /dev/null
+++ b/content/solr/security/2021-04-12-cve-2021-29943.md
@@ -0,0 +1,26 @@
+Title: CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
+category: solr/security
+cve: CVE-2020-29943
+
+**Severity:**
+High
+
+**Versions Affected:**
+7.0.0 to 7.7.3
+8.0.0 to 8.8.1
+
+**Description:**
+When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
+
+**Mitigation:**
+Any of the following are enough to prevent this vulnerability:
+
+* Upgrade to `Solr 8.8.2` or greater.
+* If upgrading is not an option, consider applying the patch in [SOLR-15233](https://issues.apache.org/jira/browse/SOLR-15233)
+* Use a different authentication plugin, such as the KerberosPlugin or HadoopAuthPlugin
+
+**Credit:**
+Geza Nagy
+
+**References:**
+[SOLR-15233](https://issues.apache.org/jira/browse/SOLR-15233): CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
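Review bot: the front-matter line `cve: CVE-2020-29943` should be CVE-2021-29943 to match the title and file name. The Versions Affected list is unconditional, while the Description limits the issue to deployments using ConfigurableInternodeAuthHadoopPlugin; adding that qualifier next to the version ranges would let readers on other authentication plugins rule themselves out without reading the full description.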