Description
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
Remediation
References
https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075%40%3Ccommits.lucene.apache.org%3E
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34%40%3Cdev.bigtop.apache.org%3E
https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r2a6600fe9afd502c04d26fd112823ec3f3c3ad1b4a289d10567a78a0%40%3Cdev.bigtop.apache.org%3E
https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r3da9895cea476bcee2557531bebd4e8f6f367dc3ea900a65e2f51cd8%40%3Cissues.bigtop.apache.org%3E
https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r622a043c2890327f8a4aea16b131e8a7137a282a004614369fceb224%40%3Cdev.bigtop.apache.org%3E
https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r999f828e6e37d9e825e207471cbfd2681c3befcd7f3abd59ed87c0d5%40%3Cissues.bigtop.apache.org%3E
https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7%40%3Ccommits.lucene.apache.org%3E
https://lists.apache.org/thread.html/rb1de6ba50a468e9baff32a249edaa08f6bcec7dd7cc208e25e6b48c8%40%3Cissues.bigtop.apache.org%3E
https://lists.apache.org/thread.html/rb2f1c7fd3d3ea719dfac4706a80e6affddecae8663dda04e1335347f%40%3Ccommits.bigtop.apache.org%3E
https://lists.apache.org/thread.html/rf1a32f00017e83ff29a74be2de02e28e4302dddb5f14c624e297a8c0%40%3Cdev.bigtop.apache.org%3E
https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E
https://security.netapp.com/advisory/ntap-20201023-0002/
Related Vulnerabilities
CVE-2023-26102 Vulnerability in npm package rangy
CVE-2020-24922 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2020-2168 Vulnerability in maven package org.jenkins-ci.plugins:azure-acs
CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-csrf-reactive