PT-2024-2360 · Apache · Apache Solr
Skay
Published: 2024-02-09 · Updated: 2024-03-06
CVE-2023-50292
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Solr versions 8.10.0 through 8.11.2
Apache Solr versions 9.0.0 through 9.2.x
Description
The issue is related to an Incorrect Permission Assignment for Critical Resource and Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. The Schema Designer feature was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered, allowing configSets created by unauthenticated users to load external libraries when used in the Schema Designer. This could potentially lead to Remote Code Execution.
Recommendations
For Apache Solr versions 8.10.0 through 8.11.2, upgrade to version 8.11.3.
For Apache Solr versions 9.0.0 through 9.2.x, upgrade to version 9.3.0.
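As an added example (not part of the advisory), a small Python triage helper that maps the version a Solr node reports onto the affected ranges and fixed releases listed above, so a fleet inventory can be checked offline. The `lucene` / `solr-spec-version` key path in the `/solr/admin/info/system` response is an assumption; the sample response is constructed.

```python
"""Triage helper for CVE-2023-50292 (Apache Solr Schema Designer, untrusted configSets)."""
import json
import re

# Affected ranges and fixed releases as stated in the advisory (bounds inclusive).
# An upper bound whose patch is None means "any patch release", i.e. "9.2.x".
AFFECTED_RANGES = (
    ((8, 10, 0), (8, 11, 2), "8.11.3"),
    ((9, 0, 0), (9, 2, None), "9.3.0"),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '8.11.2' or '9.2.7-SNAPSHOT' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def in_range(v, low, high):
    """Inclusive range test that understands an open 'x' patch level on the upper bound."""
    if v < low:
        return False
    if high[2] is None:
        return v[:2] <= high[:2]
    return v <= high


def assess(version_text):
    """Return (affected, fixed_version_or_None) for one Solr version string."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if in_range(v, low, high):
            return True, fixed
    return False, None


def assess_system_info(payload):
    """Assess the version found in a /solr/admin/info/system JSON body.
    Assumption: Solr reports its version under lucene -> solr-spec-version."""
    info = json.loads(payload)
    return assess(info["lucene"]["solr-spec-version"])


# Constructed sample response, not captured from a real node.
SAMPLE_SYSTEM_INFO = json.dumps({"lucene": {"solr-spec-version": "8.11.2"}})

if __name__ == "__main__":
    for v in ("8.9.0", "8.10.0", "8.11.2", "8.11.3", "9.2.7-SNAPSHOT", "9.3.0"):
        print(v, assess(v))
    print("sample node:", assess_system_info(SAMPLE_SYSTEM_INFO))
```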
Tags: Fix · RCE · Incorrect Permission
Affected Products
Apache Solr