Bug 2263579 (CVE-2023-50292)
| Summary: | CVE-2023-50292 Solr: Schema Designer trusts all configsets, possibly leading to RCE by unauthenticated users | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Robb Gatica <rgatica> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, asoldano, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, cmiranda, darran.lofthouse, dkreling, dosoudil, fjuma, gmalinko, ivassile, iweiss, janstey, lgao, mosmerov, msochure, mstefank, msvehla, nwallace, pcongius, pdelbell, pjindal, pmackay, rstancel, smaestri, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | solr 9.3.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in Apache Solr. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, it may load untrusted configSets, which can allow an unauthenticated user to load external libraries when used in the Schema Designer. This issue may allow an attacker to perform remote code execution on the affected system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2263574 | ||
|
Description
Robb Gatica
2024-02-09 22:06:53 UTC
|