Liu Huajin

**Name of the Vulnerable Software and Affected Versions** Apache Solr versions 6.6.0 through 8.11.3 Apache Solr versions 9.0.0 through 9.6.x **Description** The issue arises from the insecure default initialization of resources in Apache Solr, where new ConfigSets created via a Restore command lack the "trusted" metadata, leading to implicit trust. This allows "trusted" ConfigSets to load custom code into classloaders without being created with an authenticated request. The "trusted" flag is supposed to be set only when the request that uploads the ConfigSet is authenticated and authorized. **Recommendations** For Apache Solr versions 6.6.0 through 8.11.3, upgrade to version 8.11.4 to mitigate the issue. For Apache Solr versions 9.0.0 through 9.6.x, upgrade to version 9.7.0 to mitigate the issue. As a general recommendation, users are advised to use Authentication and Authorization when running Solr to prevent such issues.

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 5.3.0 through 8.11.3 Apache Solr versions 9.0.0 through 9.6.9 Description: The issue is related to an improper authentication vulnerability in Apache Solr, where Solr instances using the PKIAuthenticationPlugin are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path can allow requests to skip authentication while maintaining the API contract with the original URL path. This fake ending looks like an unprotected API path but is stripped off internally after authentication but before API routing. Over 45,000 services are potentially affected by this issue. Recommendations: To resolve the issue, upgrade Apache Solr to version 8.11.4 or 9.7.0, which fix the issue. As a temporary workaround, consider restricting access to Solr API endpoints to minimize the risk of exploitation.