bitnami
/
vulndb
mirror of https://github.com/bitnami/vulndb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update 20240216071626 (#348) 

feat: Updated at 20240216071626

Signed-off-by: bitnami-bot <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot 2024-02-16 08:49:59 +01:00 committed by GitHub
parent 04c5d3a950
commit d126ae21e2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 1016 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
data/django/BIT-django-2024-24680.json Normal file
View File

@ -0,0 +1,70 @@
{
"schema_version": "1.5.0",
"id": "BIT-django-2024-24680",
"details": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.",
"aliases": [
"CVE-2024-24680"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "django",
"purl": "pkg:bitnami/django"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.2"
},
{
"fixed": "3.2.24"
},
{
"introduced": "4.2"
},
{
"fixed": "4.2.10"
},
{
"introduced": "5.0"
},
{
"fixed": "5.0.2"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/5.0/releases/security/"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"
}
],
"published": "2024-02-16T07:18:06.457Z",
"modified": "2024-02-16T07:49:18.614Z"
}

72
data/envoy/BIT-envoy-2024-23322.json Normal file
View File

@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-envoy-2024-23322",
"details": "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"aliases": [
"CVE-2024-23322"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.7"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.3"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
}
],
"published": "2024-02-16T07:19:13.444Z",
"modified": "2024-02-16T07:49:18.614Z"
}

72
data/envoy/BIT-envoy-2024-23323.json Normal file
View File

@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-envoy-2024-23323",
"details": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"aliases": [
"CVE-2024-23323"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.7"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.3"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.1"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
}
],
"published": "2024-02-16T07:19:04.211Z",
"modified": "2024-02-16T07:49:18.614Z"
}

72
data/envoy/BIT-envoy-2024-23324.json Normal file
View File

@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-envoy-2024-23324",
"details": "Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"aliases": [
"CVE-2024-23324"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.7"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.3"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6"
}
],
"published": "2024-02-16T07:18:54.415Z",
"modified": "2024-02-16T07:49:18.614Z"
}

72
data/envoy/BIT-envoy-2024-23325.json Normal file
View File

@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-envoy-2024-23325",
"details": "Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isnt supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"aliases": [
"CVE-2024-23325"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.7"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.3"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26"
}
],
"published": "2024-02-16T07:18:43.316Z",
"modified": "2024-02-16T07:49:18.614Z"
}

72
data/envoy/BIT-envoy-2024-23327.json Normal file
View File

@ -0,0 +1,72 @@
{
"schema_version": "1.5.0",
"id": "BIT-envoy-2024-23327",
"details": "Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"aliases": [
"CVE-2024-23327"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.7"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.3"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
},
{
"introduced": "1.29.0"
},
{
"fixed": "1.29.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j"
}
],
"published": "2024-02-16T07:18:32.218Z",
"modified": "2024-02-16T07:49:18.614Z"
}

62
data/mattermost/BIT-mattermost-2024-1402.json Normal file
View File

@ -0,0 +1,62 @@
{
"schema_version": "1.5.0",
"id": "BIT-mattermost-2024-1402",
"details": "Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. ",
"aliases": [
"CVE-2024-1402"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mattermost",
"purl": "pkg:bitnami/mattermost"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.7"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.1.4"
},
{
"introduced": "9.2.0"
},
{
"fixed": "9.2.3"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"published": "2024-02-16T07:22:52.427Z",
"modified": "2024-02-16T07:49:18.614Z"
}

50
data/mattermost/BIT-mattermost-2024-23319.json Normal file
View File

@ -0,0 +1,50 @@
{
"schema_version": "1.5.0",
"id": "BIT-mattermost-2024-23319",
"details": "Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.",
"aliases": [
"CVE-2024-23319"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mattermost",
"purl": "pkg:bitnami/mattermost"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.7"
}
]
}
]
}
],
"database_specific": {
"severity": "Low",
"cpes": [
"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"published": "2024-02-16T07:22:43.833Z",
"modified": "2024-02-16T07:49:18.614Z"
}

50
data/mattermost/BIT-mattermost-2024-24774.json Normal file
View File

@ -0,0 +1,50 @@
{
"schema_version": "1.5.0",
"id": "BIT-mattermost-2024-24774",
"details": "Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.",
"aliases": [
"CVE-2024-24774"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mattermost",
"purl": "pkg:bitnami/mattermost"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.7"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"published": "2024-02-16T07:22:34.926Z",
"modified": "2024-02-16T07:49:18.614Z"
}

50
data/mattermost/BIT-mattermost-2024-24776.json Normal file
View File

@ -0,0 +1,50 @@
{
"schema_version": "1.5.0",
"id": "BIT-mattermost-2024-24776",
"details": "Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.",
"aliases": [
"CVE-2024-24776"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "mattermost",
"purl": "pkg:bitnami/mattermost"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.7"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"published": "2024-02-16T07:22:25.847Z",
"modified": "2024-02-16T07:49:18.614Z"
}

68
data/postgresql/BIT-postgresql-2024-0985.json Normal file
View File

@ -0,0 +1,68 @@
{
"schema_version": "1.5.0",
"id": "BIT-postgresql-2024-0985",
"details": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.",
"aliases": [
"CVE-2024-0985"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "postgresql",
"purl": "pkg:bitnami/postgresql"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "12.0"
},
{
"fixed": "12.18"
},
{
"introduced": "13.0"
},
{
"fixed": "13.14"
},
{
"introduced": "14.0"
},
{
"fixed": "14.11"
},
{
"introduced": "15.0"
},
{
"fixed": "15.6"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/"
}
],
"published": "2024-02-16T07:28:53.431Z",
"modified": "2024-02-16T07:49:18.614Z"
}

62
data/postgresql/BIT-postgresql-2024-24213.json Normal file
View File

@ -0,0 +1,62 @@
{
"schema_version": "1.5.0",
"id": "BIT-postgresql-2024-24213",
"details": "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.",
"aliases": [
"CVE-2024-24213"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "postgresql",
"purl": "pkg:bitnami/postgresql"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.1"
},
{
"last_affected": "15.1"
}
]
}
]
}
],
"database_specific": {
"severity": "Critical",
"cpes": [
"cpe:2.3:a:postgresql:postgresql:15.1:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://app.flows.sh:8443/project/default%2C"
},
{
"type": "WEB",
"url": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213"
},
{
"type": "WEB",
"url": "https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer."
},
{
"type": "WEB",
"url": "https://reference1.example.com/project/default/logs/explorer%2C"
}
],
"published": "2024-02-16T07:28:44.539Z",
"modified": "2024-02-16T07:49:18.614Z"
}

60
data/solr/BIT-solr-2023-50291.json Normal file
View File

@ -0,0 +1,60 @@
{
"schema_version": "1.5.0",
"id": "BIT-solr-2023-50291",
"details": "Insufficiently Protected Credentials vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.There are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.This /admin/info/properties endpoint is protected under the \"config-read\" permission.Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.A single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".By default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".Users who cannot upgrade can also use the following Java system property to fix the issue:  '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'",
"aliases": [
"CVE-2023-50291"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "solr",
"purl": "pkg:bitnami/solr"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.11.3"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.3.0"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/09/4"
},
{
"type": "WEB",
"url": "https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies"
}
],
"published": "2024-02-16T07:31:32.843Z",
"modified": "2024-02-16T07:49:18.614Z"
}

60
data/solr/BIT-solr-2023-50292.json Normal file
View File

@ -0,0 +1,60 @@
{
"schema_version": "1.5.0",
"id": "BIT-solr-2023-50292",
"details": "Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.However, when the feature was created, the \"trust\" (authentication) of these configSets was not considered.External library loading is only available to configSets that are \"trusted\" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.Since the Schema Designer loaded configSets without taking their \"trust\" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.Users are recommended to upgrade to version 9.3.0, which fixes the issue.",
"aliases": [
"CVE-2023-50292"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "solr",
"purl": "pkg:bitnami/solr"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.11.3"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.4.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/09/3"
},
{
"type": "WEB",
"url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions"
}
],
"published": "2024-02-16T07:31:24.456Z",
"modified": "2024-02-16T07:49:18.614Z"
}

64
data/solr/BIT-solr-2023-50298.json Normal file
View File

@ -0,0 +1,64 @@
{
"schema_version": "1.5.0",
"id": "BIT-solr-2023-50298",
"details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a \"zkHost\" parameter.When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever \"zkHost\" the user provides.An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information,then send a streaming expression using the mock server's address in \"zkHost\".Streaming Expressions are exposed via the \"/streaming\" handler, with \"read\" permissions.Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.",
"aliases": [
"CVE-2023-50298"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "solr",
"purl": "pkg:bitnami/solr"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.11.3"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.4.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/09/3"
},
{
"type": "WEB",
"url": "https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions"
}
],
"published": "2024-02-16T07:31:15.910Z",
"modified": "2024-02-16T07:49:18.614Z"
}

60
data/solr/BIT-solr-2023-50386.json Normal file
View File

@ -0,0 +1,60 @@
{
"schema_version": "1.5.0",
"id": "BIT-solr-2023-50386",
"details": "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.",
"aliases": [
"CVE-2023-50386"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "solr",
"purl": "pkg:bitnami/solr"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.11.3"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.4.1"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/09/1"
},
{
"type": "WEB",
"url": "https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets"
}
],
"published": "2024-02-16T07:31:03.221Z",
"modified": "2024-02-16T07:49:18.614Z"
}