H3-2023-0023¶

Apache Solr Arbitrary File Read Vulnerability

Description¶

Apache Solr versions prior to 9.4 and 10.0 are vulnerable to issues that allow unauthenticated attackers to read arbitrary files hosted on the Solr server.

Impact¶

Unauthenticated attackers can exploit this vulnerability to access all data hosted on the Solr server.

References¶

• Configuring Authentication, Authorization and Audit Logging
• Apache Solr Security Advisory
• Apache Solr Arbitrary File Read and SSRF Vulnerability Threat Alert
• Apache Solr Security News