📦 Solr
by Apache
⚠️ Known Vulnerabilities
This CVE describes an authentication bypass vulnerability in Apache Solr's PKIAuthenticationPlugin. Attackers can bypass authentication by appending a fake ending to Solr API URLs, allowing unauthoriz...
This vulnerability in Apache Solr's DataImportHandler allows attackers to make SMB network calls from the Solr host to other systems by providing Windows UNC paths. This can lead to credential theft v...
CVE-2021-27905 is a Server-Side Request Forgery (SSRF) vulnerability in Apache Solr's ReplicationHandler that allows attackers to make arbitrary HTTP requests from the Solr server. This can lead to in...
This vulnerability in Apache Solr's ConfigurableInternodeAuthHadoopPlugin causes distributed requests to be forwarded using server credentials instead of client credentials, leading to incorrect autho...
This vulnerability in Apache Solr allows attackers to bypass security controls and upload malicious ConfigSets via API without authentication. By combining UPLOAD and CREATE actions, attackers can ena...
Apache Solr deployments using RuleBasedAuthorizationPlugin with specific configurations are vulnerable to unauthorized API access. Attackers can bypass authorization controls to read sensitive configu...
This vulnerability in Apache Solr allows attackers to bypass path restrictions and read unauthorized files from the filesystem when creating new cores. On Windows systems, this can lead to NTLM hash d...
Apache Solr leaks sensitive system properties like 'basicauth' and 'aws.secretKey' through the /admin/info/properties endpoint because the redaction logic only hid properties containing 'password'. Th...
This vulnerability in Apache Solr allows attackers to steal ZooKeeper credentials and ACLs by tricking Solr into sending them to a malicious server. Attackers can exploit the Streaming Expressions fea...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This CVE describes a relative path traversal vulnerability (zipslip) in Apache Solr's configset upload API on Windows systems. Attackers can upload malicious ZIP files containing relative paths to wri...